Upgrade WordPress to 2.6.2 – Security Upgrade

WordPress has just released a new upgrade of the self-hosted version of WordPress. This time it contains a security upgrade which will make it harder for hackers to gain access to your WordPress installation via a resently found security hole. If you allow open registrations on your blog it’s possible for any user to craft a username so that it will reset another users password. The new password will be randomly created, but due to a weakness in  mt_rand() it is possible to guess the new password 🙁

From the WordPress blog:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

If you use WordPress you should upgrade as soon as possible.

My FREE Insider’s Kit will show you how to earn more money!