Word Press Login Security Issue

Filed Under (0day, blog support, fix, word press) by chris on 08-11-2009


This just in from the Internet Storm Center

Juha-Matti pointed out multiple reports on a vulnerability in the widely used wordpress blog software that supposedly lets remote users reset the administrative password. They all lead to an original post on a full disclosure mailing list.

You can get all the details from the original post – WordPress unauthenticated administrator password reset

You can find the fix here

Basically you just need to change line 190 in wp-login.php from
if ( empty( $key ) )
to
if ( empty( $key ) || is_array( $key ) )
If line 190 in wp-login.php doesn’t match the example, you should update Word Press.

I’ve already done it here and everything still works. I also tried it on a version of Word Press that isn’t the latest version. I had to search for the string that needed changing because it’s not on line 190 in the older version. I updated the info and everything is working there too.
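
Because the check is not always on line 190, a small script can locate it by content instead. This is an added example, not part of the original post or of Word Press itself; the script name, the function names and the two PHP samples are constructed for illustration, and it assumes the array check sits on the same line as the empty( $key ) test, as in the fix above.

```python
import re
import sys

# The reset-key guard, matched regardless of spacing or line number.
GUARD = re.compile(r"if\s*\(\s*empty\s*\(\s*\$key\s*\)")
# The fix adds an array check to the same condition.
ARRAY_CHECK = re.compile(r"is_array\s*\(\s*\$key\s*\)")

# Constructed samples for illustration; not copied from any Word Press release.
SAMPLE_UNPATCHED = """<?php
function example_reset( $key ) {
    if ( empty( $key ) )
        return false;
}
"""
SAMPLE_PATCHED = SAMPLE_UNPATCHED.replace(
    "if ( empty( $key ) )", "if ( empty( $key ) || is_array( $key ) )"
)


def find_guards(php_source):
    """Return (line_number, has_array_check, text) for each empty($key) guard."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        if GUARD.search(line):
            hits.append((number, bool(ARRAY_CHECK.search(line)), line.strip()))
    return hits


def assess(php_source):
    """Classify a file as 'patched', 'unpatched' or 'not-found'."""
    hits = find_guards(php_source)
    if not hits:
        return "not-found"  # layout differs from the example: update instead
    return "patched" if all(ok for _, ok, _ in hits) else "unpatched"


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_wp_login.py /path/to/wp-login.php
    source = SAMPLE_UNPATCHED
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            source = handle.read()
    for number, ok, text in find_guards(source):
        print(f"line {number}: {'patched' if ok else 'UNPATCHED'}: {text}")
    print(assess(source))
```

A result of not-found corresponds to the case above where the file doesn't match the example and updating is the better option.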

Word Press TV

Filed Under (Windows, blog support, free software, internet tv, software, tutorial, vidcasts, video, video games) by chris on 03-18-2009


Seeing how I’m now running Word Press, it only makes sense that I would tell you about Word Press TV. If you are running Word Press, or are just thinking about using it, you owe it to yourself to give this site a look.

wordpresstv

Even though it’s only been up for maybe 2 months, there’s a lot of great content. There are plenty of how-to videos, for beginners to advanced users. There are videos about administration, set-up, widgets, publishing, media, plugins, themes, custom design, and more. There is also a section of videos from Word Camp.

I wanted to write about Word Press TV when it first went live, but I haven’t actually spent any amount of time on it until recently. Most of them are using Vimeo to host their videos, so the quality is excellent. These aren’t some junky, pixelated YouTube videos. They are high quality, and when I viewed them with HD turned on, the screen captures in the how-to videos were perfect and crisp, and all the text in the videos was easy to read. Even when not in full screen or HD you can read them easily. If only everyone made instructional videos at this quality. Check out the example below.

Getting set up with the WP e-Commerce plugin: settings and configuration
