Performancing Metrics

WordPress Guest Registration Security Concern

by David Peralty on July 27th, 2006 7 Comments

I was reading through my RSS Feeds today, and Darren Rowse mentioned that there was a security concern pointed out to him from Dr Dave regarding a feature of WordPress that allows guests to the site to register as users on the site.

Some people have made it so you have to register on their blog before you can comment, and while it is not used often, if you have left the “Allow anyone to register” checkbox in, you could find yourself with a security problem.

“Leaving it open and letting people sign-up for guest accounts on your Wordpress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.”

So far the word on the street is that 2.0.4 which is going to be released soon should fix this completely, but it is mostly those using 2.0.2 and under that are at risk.

I really wish that WordPress could do updates via the Admin interface, rather than me downloading, deleting, uploading, upgrading, hoping… But that is a rant for another time.

Categories: WordPress News



Comments

  1. war59312 says: 7/27/2006

    Yeah I just hope “they” release the code so we can fix up old 1.5 blogs too, that’s if they are even effected by this. ;)

  2. Smith says: 9/22/2006

    Greetings%21..

  3. bestec-burjuiam says: 10/29/2006

    HAVANA (AP) Photographs of Fidel Castro standing and talking on the phone were published Sunday in Cuba’s state-run media, a day after the ailing leader appeared in a video to dispel rumors he was on his deathbed.

    The Communist Youth newspaper Juventud Rebelde dedicated its front page to the Cuban president, printing a blown-up picture of a pensive Castro with the title “Always fighting for something, and fighting with optimism!”

  4. Nick says: 12/10/2006

    I’ve always found the update of Wordpress to be really, for lack of a better word, annoying…

    I’ve used Xoops before, and upgrading is a snap.. just download, and click update at the admin interface…

    Wordpress, should really be able to accomplish this soon… I hope this is one of their milestones..

  5. Angelos says: 11/19/2007

    Nice…

  6. Faggot59 says: 10/22/2009

    I planon saving some for my next planting. ,

  7. His_wife24 says: 10/23/2009

    Comments: 3 Comments I head for Pullman, Washington in a rented car, a drive that many of those who live in the jungle cities of my adopted rain forest home assured me is both desolate and dangerous. ,