By MBPDLPayday Loans


看来是非升不可的. 因为这次Wordpress给出的升级说明是”urgent security release”. 嗯, 据说网上已经有很多人的blog因此而被攻击导致comments尽数丢失.

养鸡堂好像都开了注册功能, 大家自个儿看着升级吧, 推荐用ssh连上去直接wget然后在服务器上解压,这样比用FTP传要快多了.

hoho, 诸位还是做security的呢 :P  赶紧升级吧~

BTW, 升级前请记得deactive所有的plugin,并仔细阅读升级说明.

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly.  While you’re updating WP and your plugins, consider refreshing your passwords.

Leave a Reply