{"id":1413,"date":"2006-07-26T17:10:40","date_gmt":"2006-07-26T15:10:40","guid":{"rendered":"http:\/\/unknowngenius.com\/blog\/?p=1413"},"modified":"2006-10-15T10:01:25","modified_gmt":"2006-10-15T08:01:25","slug":"critical-announcement-to-all-wordpress-users","status":"publish","type":"post","link":"https:\/\/unknowngenius.com\/blog\/archives\/2006\/07\/26\/critical-announcement-to-all-wordpress-users\/","title":{"rendered":"Critical Announcement affecting ALL WordPress users"},"content":{"rendered":"<p>If you are running <a href=\"http:\/\/wordpress.org\/\">WordPress<\/a> as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, <strong>DISABLE IT IMMEDIATELY<\/strong> (in <i>wp-admin >> options<\/i>: make sure &#8220;Anyone can register&#8221; is not checked).<\/p>\n<p>Additionally, delete or disable ANY guest account already created by people you are not sure about.<\/p>\n<p><!--more-->Leaving it open and letting people sign up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me, I am not exaggerating this. So don&#8217;t wait a second to disable this option and please relay the message.<\/p>\n<p>The WordPress dev team was notified a while back and I dare hope they will soon start acting on it, if only by relaying a similar announcement through the official channel (as well as, of course, releasing a proper patch).<\/p>\n<p>Sorry for the shrill hysterical tone, but this is a big deal. However, disable that one option and you are fine, no need to panic further \ud83d\ude42<\/p>\n<p>[cheers go to Geoff Eby for discovering and bringing this insane security exploit to my attention]<\/p>\n<p><strong>Update<\/strong>: a small follow-up addressing comments and concerns I have received since this last warning is <a href=\"https:\/\/unknowngenius.com\/blog\/archives\/2006\/07\/27\/followup-on-wordpress\/\">posted here<\/a>. 
Feel free to ignore completely unless you really care about inner WordPress politics (yawn).<\/p>\n<p><strong>Update 2<\/strong>: <a href=\"http:\/\/wordpress.org\/download\/\">WordPress upgrade 2.0.4<\/a> should now patch this bug. If your version of WordPress is equal to or higher than 2.0.4, feel free to ignore the warning above. If not, then you should\/MUST upgrade (<a href=\"https:\/\/unknowngenius.com\/blog\/archives\/2006\/07\/26\/critical-announcement-to-all-wordpress-users\/#comment-78758\">more details in the comments<\/a>).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin >> options: make sure &#8220;Anyone can register&#8221; is not checked). Additionally, delete or disable ANY guest account already created by people you are not sure about.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[28],"tags":[],"class_list":["post-1413","post","type-post","status-publish","format-standard","hentry","category-wordpress-tweaking"],"_links":{"self":[{"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/posts\/1413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/comments?post=1413"}],"version-history":[{"count":0,"href":"https
:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/posts\/1413\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/media?parent=1413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/categories?post=1413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknowngenius.com\/blog\/wp-json\/wp\/v2\/tags?post=1413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}