theBleeber
Member
Posted 6 years ago #
I really want to use WordPress but I don't want to take the risk of my server being compromised. Please give us a timeline on when this will be resolved. See below for link.
theBleeber
WordPress Cookie Data PHP Code Injection Vulnerability
2005-08-10
http://www.securityfocus.com/bid/14533
Would you please discuss these things with the developers, rather than posting them on a public forum, so that the good people here don't panic, and the bad people here don't run off to test this exploit on unsuspecting blogs? This is just a simple plea to the many who have posted about this today. Please use some common sense!
Now, please read through this post: http://wordpress.org/support/topic/41464#post-233351
If your server has register_globals disabled (which it should as a default security precaution), then you are not vulnerable to this exploit.
When your host turns register_globals off like it should be.
pizdin_dim
Member
Posted 6 years ago #
If your ISP is unable (or unwilling) to run Apache with register globals switched off, simply add this to your .htaccess file in the root folder of your WordPress installation:
php_flag register_globals off
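
An added example, not part of the thread: a shell sketch that reports what a .htaccess file currently says about register_globals and applies the directive above without duplicating it. The function names are hypothetical, and it assumes PHP runs as an Apache module with AllowOverride permitting php_flag; where PHP runs as CGI, Apache does not recognise the directive.

```shell
#!/bin/sh
# Added example (assumptions: mod_php, AllowOverride permits php_flag).
# Function names are illustrative, not from WordPress or Apache.

# Matches php_flag/php_value lines that set register_globals (comments excluded).
RG_PATTERN='^[[:space:]]*php_(flag|value)[[:space:]]+register_globals[[:space:]]'

# Print "off", "on" or "unset" for the given .htaccess file.
# Any directive that is not explicitly off/0 is reported as "on".
register_globals_state() {
    [ -f "$1" ] || { echo unset; return 0; }
    awk 'BEGIN { state = "unset" }
         tolower($1) ~ /^php_(flag|value)$/ && tolower($2) == "register_globals" {
             v = tolower($3)
             if (v == "off" || v == "0") { if (state != "on") state = "off" }
             else state = "on"
         }
         END { print state }' "$1"
}

# Make sure the file ends up with exactly one "php_flag register_globals off".
# Leaves the file untouched when it is already in that state.
ensure_register_globals_off() {
    htaccess=$1
    [ -e "$htaccess" ] || : > "$htaccess"
    if [ "$(register_globals_state "$htaccess")" = off ]; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Keep every other line (rewrite rules etc.), drop old register_globals settings.
    grep -Eiv "$RG_PATTERN" "$htaccess" > "$tmp" || true
    printf '%s\n' 'php_flag register_globals off' >> "$tmp"
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$htaccess"
    rm -f "$tmp"
}

# Usage (path is a placeholder): ensure_register_globals_off /path/to/wordpress/.htaccess
```

The file only records the request; whether PHP honours it is best confirmed from a phpinfo() page or `ini_get('register_globals')` served by the same site.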