Mandatory Upgrade

Ok – don’t shoot the messenger!  THEY said “Mandatory Upgrade”.

I would never, knowing you, ever, remotely come close, to being that bossy with y’all.  Okay, maybe I would.  And this is probably one of those rare (ahem) times.

WordPress 2.6.2 is considered a “Mandatory Upgrade” for a lot of geekaleze reasons.  But at the end of a lot of confusing schtuff, this is what they say:

“The attack is difficult to accomplish,  but its mere possibility means we recommend upgrading to 2.6.2.”

And by attack – they do mean security attack.

I read through the geekaleze, translating to english when needed, and this is the Cathy-version: On the RARE chance that someone figures out how to enter a username in this particularly mean way, they can reset the password of another user.  And if they understand the current weakness in SQL they may be able to predict the automatically generated password that they just reset.  And this will only happen if you allow open registration.

Open registration is automatic unless you change the options under “Settings” – “General” – “Membership”.  And people do not need to register to comment if you have unchecked the next box in that same screen.   So there you have it:  upgrade!

Good luck!

Cathy

To back up, see this post.

To upgrade, see this post.

Similar Posts

One Comment

  1. Hi, I found your blog on this new directory of WordPress Blogs at blackhatbootcamp.com/listofwordpressblogs. I dont know how your blog came up, must have been a typo, i duno. Anyways, I just clicked it and here I am. Your blog looks good. Have a nice day. James.

Leave a Reply

Your email address will not be published. Required fields are marked *