Know the Code

WP Security Bug…

The IT Kitchen was recently hacked, and because of that, Shelley has found a critical bug in both WP 1.2.x and 1.3a. She provides the full details on what is wrong and how to fix it. There is also a thread in the forums that details the bug and the fix for it.

This was actually an already known bug, but unfortunately that post in the WordPress forums doesn’t really explain what to fix to prevent it from happening, and there hasn’t been much of a public push to fix the code. Until now.

If you’re running WordPress, please visit Shelley’s site and fix the code to prevent this from happening to you.


(Do you think that will get people’s attention?)

By Christine


18 replies on “WP Security Bug…”

Thanks for scaring people with the CRITICAL BUG. A critical issue would be if someone could break into the machine and take total control of it. This is an annoyance at best. If you scare people like that with this then they will stop listening soon enough and when there is a real critical fix blamo.

Michael, while I appreciate your opinion that it shouldn’t be called a critical bug, I wonder what else you would call it? Someone being able to hack your site isn’t critical to you? Well, it is to me…

This is a bug but there’s several ways it can get worse. No one can change your posts, take control so you can’t get access, delete your website, impersonate you, get your personal financial information, steal passwords and countless other things I haven’t thought about. This is a bug that lets people break your website. There’s lots of other things that will break programs. That’s the normal state of affairs.

A CRITICAL BUG would be one that would allow someone to take control of your site in a way to impersonate you and prevent you from having the access to it to prevent or correct the situation.

Michael, a critical bug is a bug that causes what people perceive to be a critical failure of the software. I think a hole in the software that allows a key piece of information to be changed just by typing a URL into a browser, a change which then renders the site unreadable, not to mention making it impossible to log into administration, to be a ‘critical’ bug; especially if you’re not a coder and have no idea what is going on. Heck, even if you’re a coder, and still have no idea what is going on.

As for deleting a website — that’s not critical, our hosts can usually recover it. Change your posts? Ditto. Get your financial information? How the heck would that happen with WordPress?

Every software has ‘worst cases’ of bugs associated with the type of software, and making a weblog unreadable would be within the range of ‘worst case’ for a weblogging tool.

Breaking a site that badly is not the ‘normal’ state of affairs–not if you want your product to have any credibility.

I appreciate Christine spreading the word on this. I just wish that the WordPress developers would stop telling people this is a ‘minor’ problem, being reported by people ‘freaking out’. Well, they can continue — but all they’re doing is hurting the software.
