I was reading through my RSS feeds today, and Darren Rowse mentioned a security concern that Dr Dave had pointed out to him regarding a WordPress feature that allows visitors to register as users on the site.
Some people require you to register on their blog before you can comment. While the feature is not used often, if you have left the “Allow anyone to register” checkbox checked, you could find yourself with a security problem.
“Leaving it open and letting people sign-up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.”
So far, the word on the street is that 2.0.4, which is going to be released soon, should fix this completely, but it is mostly those using 2.0.2 and under that are at risk.
I really wish that WordPress could do updates via the Admin interface, rather than me downloading, deleting, uploading, upgrading, hoping… But that is a rant for another time.