WordPress Rolls Out 2.6.2 – Its A Mandatory This Time – And How
The good people over at WordPress released WordPress 2.6.2 today. And unlike the previous 2.6.1 release, this release is a mandatory release, to fix a loophole which occurs if your blog has registrations open.
From the horse’s mouth:
If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
Certainly seems a very important reason to update to 2.6.2. And if you find the process of upgrading WordPress blog a pain, here’s an effortless way of doing it.
If you enjoyed this post, make sure you subscribe to my RSS feed! Possibly Related posts:- WordPress today released the first beta of WordPress 2.7 as
- WordPress follows the Open Source policy of release early, release
- The holidays are upon us :) 't is the season
- It's been about 1 and half years since I started
- Dolphin's fast loading times and clean interface made me consider
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Sounds like I should do an upgrade even though i hate it!
???????, ???? ????????!
????? ???????))))??? ???????, ? ? ??? ???? RSS ????? ? ???? ??????
how to install wordpress on blogger can any help it out
Sweety, Blogger and WordPress are 2 mutually exclusive blogging platforms, you cannot install blogger on top on WordPress or WordPress on top of Blogger.