WordPress Vulnerability
11.08.2005.
WordPress and Secunia reported on August 9 that there is a critical security vulnerability in WordPress 1.5.1.3. I can attest to that.
Yesterday I had a very important presentation to give as part of my graduation requirement for grad school. My presentation was entitled “Don’t Get Caught in the Web: Using a website to enhance small business opportunity.” Part of the presentation involved a demo of a live website that I created for my wife’s private practice.
2.5 hours before the presentation, I casually checked the site from work and was presented with a page that read, “Account suspended. Please contact support/billing immediately.” What?! After 52 minutes waiting on the customer service line with my webhost, I was told that they do not provide support over the phone. Instead, I needed to use the form submission to communicate support requests via email. Aarrgghh! Now about 1.5 hours before showtime.
I did use the submission form and received a reply more quickly than I anticipated. My provider suspended my account because they thought I had introduced a malicious IRC bot onto my own webspace. Sorry, I’m not that technically inclined, just enough to install WordPress and to customize it for my liking.
Long story short, a hacker infiltrated my webspace through a vulnerability in WordPress 1.5.1.3. It appears a patch may be available to close this vulnerability, but thankfully, my webhost support contact made a file change on my space to hopefully plug this security hole.
Fortunately, the presentation went off without a hitch and I could access the website. After two more weeks of a summer school class, I will be done with my program. In retrospect, I realize that perhaps I need to use a stricter password for my WordPress account. Security has become a serious issue, folks, and yesterday it became that much more personal to me.
Update
On August 14, WordPress 1.5.2 was released to address these security issues.
Tags: [WordPress, security, hackers, hacker, vulnerability, patch]