Ok – don’t shoot the messenger!  THEY said “Mandatory Upgrade”.

I would never, knowing you, ever, remotely come close, to being that bossy with y’all.  Okay, maybe I would.  And this is probably one of those rare (ahem) times.

WordPress 2.6.2 is considered a “Mandatory Upgrade” for a lot of geekaleze reasons.  But at the end of a lot of confusing schtuff, this is what they say:

“The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.”

And by attack – they do mean security attack.

I read through the geekaleze, translating to English when needed, and this is the Cathy-version: On the RARE chance that someone figures out how to enter a username in this particularly mean way, they can reset the password of another user.  And if they understand the current weakness in SQL they may be able to predict the automatically generated password that they just reset.  And this will only happen if you allow open registration.

Open registration is automatic unless you change the options under “Settings” – “General” – “Membership”.  And people do not need to register to comment if you have unchecked the next box in that same screen.  So there you have it:  upgrade!

Good luck!


To back up, see this post.

To upgrade, see this post.

