23 Aug, 2009
WordPress Encourages Update to Security Patch 2.8.4
Posted by: Blogging Fool In: Blogging Tips|Wordpress
To everyone using a custom WordPress installation: I strongly recommend upgrading to the latest patch version, 2.8.4, which not only includes the previous point patches but also prevents a malicious hack of the admin backend. Per the official statement from Automattic:
“[A] specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.”
It is easy to install the update: simply click the upgrade button in your admin backend and confirm that you want to apply the patch. Be sure to back up your database in advance using a plugin like Lester Chan’s excellent WP DB Manager.
Read more about the latest WordPress security fix 2.8.4 at the official Automattic site.