
July 15th, 2008

WordPress 2.6 disables remote access, swats 194 bugs

Posted by Ryan Naraine @ 3:55 am

Categories: Patch Watch, Hackers, Browsers, Vulnerability research, Responsible disclosure, Botnets, Data theft, Open source, Passwords, Blogroll, Denial of Service (DoS), Arbitrary Code Execution, Malware, Web Applications, Web 2.0

Tags: Remote Access, Wordpress, WordPress 2.6, Security, Ryan Naraine

WordPress, one of the fastest growing blog software providers, has shipped a new update with fixes for nearly 200 bugs and a major security-related change to disable remote publishing protocols by default.

With WordPress 2.6, the open-source software promises to be more secure out-of-the-box with full SSL support in the core, and the ability to force SSL for security.

Even more importantly, WordPress has disabled the Atom Publishing Protocol and the variety of XML-RPC protocols by default to shut down a potential security risk.

The software upgrade also comes with “a number of proactive security enhancements, including cookies and database interactions,” and about 194 bug fixes, some security-related.

WordPress lead developer Ryan Boren has published more details on SSL and cookie handling.

If you manage a WordPress blog, this should be considered an important update. You should also pay close attention to Matt Mullenweg’s security recommendations.

* Image source: Nikolay Bachiyski’s photostream (Creative Commons 2.0)

Ryan Naraine is a security evangelist at Kaspersky Lab, an anti-malware company with operations around the world. See his full profile and disclosure of his industry affiliations.


  • Talkback
  • Most Recent of 5 Talkback(s)
Gee, I wonder who does that.....
Their name wouldn't begin with an "M" by chance, now would it?

cool...
Posted by: b8375629@ Posted on: 07/16/08
Condom photo  brilang | 07/15/08
Why not?  djchandler | 07/15/08
Another OpenSource Triumph!  PMC-CON | 07/15/08
Well, at least they don't try to hide the bugs ...  OldGuru | 07/15/08
Gee, I wonder who does that.....  b8375629@... | 07/16/08
