The Robservatory

Robservations on everything…

 

Site upgrade complete

We're now running the latest version of WordPress -- if you run WordPress and aren't on 2.3.3 yet, I strongly recommend upgrading, or at least patching your xmlrpc.php file. There's a security problem with that file in older WordPress releases, as detailed in this WordPress blog post:

"If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog."

This actually happened here; two posts were modified to include links to malware and ringtone sites.

Most everything is back up and working as it was before, though sadly, the King Login widget, which allowed logins directly in the sidebar, doesn't work at all with 2.3.3, so it's been disabled. While working on the upgrade, my comment spam blocker was offline for all of 10 minutes or so. During that time, three anonymous spammy comments were submitted -- sheez!

2 Comments

  1. I'm glad you mentioned this... I wasn't going to upgrade because it is always a hassle... but an xmlrpc patch isn't too hard now, is it?
