Dr Dave sends out the alarm; I spread the word.
Dr Dave, developer of the must-have spam prevention tool, Spam Karma, sent out the following alert message to all Spam Karma users as an announcement in the Spam Karma administration panel:
MAJOR SECURITY ANNOUNCEMENT
Affecting all WP users (this is not specifically a Spam Karma problem). Please immediately disable ‘guest user registration’ on your blog if it’s enabled and advise all your friends to do so (details here). I cannot give too many technical details as it would further endanger vulnerable WordPress users, but trust me, this is not a joke.
In practice, Dr Dave's advice means following these steps:
- Log in to your WordPress blog and display the Dashboard.
- Click Options to display the General Options administration panel.
- Turn OFF the Anyone can register check box under Membership.
- Click the Update Options button at the bottom of the window.
On his site, Dr Dave also recommends that if this option was turned on, you should view your Users list and delete any user you’re not sure about.
Dr Dave did not provide any details about this security problem. He’s worried that publishing them would spread the word about how a WordPress system might be compromised.
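For administrators who would rather check the database directly, the setting change and the user review described above can also be done in SQL. This is an added example, not from Dr Dave or the original post; it assumes MySQL and the default `wp_` table prefix.

```sql
-- Added example. Assumes MySQL and the default "wp_" table prefix;
-- adjust the table names if your install uses a different prefix.

-- 1. Check whether open registration is enabled ('1' = anyone can register)
--    and which role a newly registered user would receive.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('users_can_register', 'default_role');

-- 2. Disable open registration. This has the same effect as clearing the
--    "Anyone can register" check box in the General Options panel.
UPDATE wp_options
SET option_value = '0'
WHERE option_name = 'users_can_register';

-- 3. List every account, newest first, with its stored role data so that
--    unfamiliar registrations stand out. The capabilities column holds a
--    serialized PHP array naming the user's role.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'
ORDER BY u.user_registered DESC;
```

Use the listing only to decide which accounts to review, and delete them from the Users panel so WordPress can handle their posts and comments.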
Our advice: just do it. I’m sure more details (and probably a fix) will come soon.