The rash of hacks on Network Solutions WordPress blogs was from harvested SQL accounts by scanning for and reading the SQL account info from wp_config.php.
Suggest two changes (gleaned from sucuri.net’s discovery):
1) Make sure after an install or upgrade that wp_config.php is chmod 750. Maybe this is a Network Solutions install choice, I dunno, but to be safe I'm asking WordPress to change your install.
2) Can the DB password somehow not be in the clear?
Existing sites can protect themselves by doing the above (and changing your SQL DB password to be sure). It's just a matter of time before folks start copying this technique and scan other hosting sites.
- The topic ‘security vulnerability in 2.9.2’ is closed to new replies.
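An added example, not part of the original post or WordPress's own code: a Python audit that walks a hosting directory and reports config files with permission bits beyond the 750 recommended in point 1, optionally clearing them. It assumes the file is named wp-config.php (the name WordPress uses) or wp_config.php as written in the post; the sample tree and its password are constructed.

```python
import os
import stat

# WordPress names its config file wp-config.php; the post above writes it
# as wp_config.php, so both names are matched (assumption of this example).
CONFIG_NAMES = {"wp-config.php", "wp_config.php"}
MAX_MODE = 0o750  # the mode recommended in the post


def audit_wp_configs(root, fix=False):
    """Return sorted [(path, mode, excess_bits)] for configs looser than MAX_MODE.

    With fix=True the excess bits are cleared; permissions are never added.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name not in CONFIG_NAMES:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            mode = stat.S_IMODE(st.st_mode)
            excess = mode & ~MAX_MODE & 0o7777  # bits set outside rwxr-x---
            if excess:
                findings.append((path, mode, excess))
                if fix:
                    os.chmod(path, mode & MAX_MODE)
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: two sites, one with a world-readable config."""
    for site, mode in {"site_a": 0o644, "site_b": 0o750}.items():
        os.makedirs(os.path.join(base, site), exist_ok=True)
        path = os.path.join(base, site, "wp-config.php")
        with open(path, "w") as fh:
            fh.write("<?php define('DB_PASSWORD', 'constructed-sample');\n")
        os.chmod(path, mode)
    return base


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for path, mode, excess in audit_wp_configs(build_sample_tree(tmp)):
            print(f"{path}: mode {mode:o}, excess bits {excess:o}")
```

On shared hosting the file's owner and group matter as much as the mode: 750 only helps if other tenants are not in the file's group.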