Issues
(A new release of Wordpress is now available at http://wordpress.org/development/2009/08/2-8-4-security-release/ that includes a fix for this problem. If you download and install it, the workarounds below should no longer be needed.)
There is a security problem in Wordpress for which no fix is yet available. Details are here:
If you are using Wordpress in your DirectAdmin account, please seal the admin access as follows. Use either one of the methods below (not both).
After applying either of these procedures, please verify that admin access has been correctly blocked. Also check that visitors to your blog can still view your postings.
This is quick and easy and requires an ssh login.
Log into your account via ssh, then cd into the 'domains' subdirectory, then cd into the directory whose name is the same as your domain, then cd into public_html. If your domain is example.com, then you should end up in the subdirectory domains/example.com/public_html at this point, relative to your home directory.
Now use the following shell command:
chmod 000 wp-admin
This denies all access (even to you) to your wp-admin directory. This will prevent all admin logins.
Later, to restore access, the complementary command is:
chmod 755 wp-admin
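A check for the chmod method above, as an added example that is not part of the original notice: it confirms that wp-admin is mode 000 and that the rest of the blog is still readable. The function names are hypothetical, and it assumes the web server reads your files through the "other" permission bits, as the 755 restore command implies.

```shell
#!/bin/sh
# Added example (not from the original notice): verify the chmod 000 workaround.
# Usage: sh check.sh domains/example.com/public_html

# Print the nine permission characters of a path, e.g. "rwxr-xr-x".
perm_bits() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# Returns 0 if wp-admin is sealed and the front end is still readable,
# 1 if either check fails, 2 if wp-admin does not exist under the docroot.
check_wp_admin_lockdown() {
    docroot=$1
    status=0
    if [ ! -d "$docroot/wp-admin" ]; then
        echo "FAIL: $docroot/wp-admin not found" >&2
        return 2
    fi
    bits=$(perm_bits "$docroot/wp-admin")
    if [ "$bits" = "---------" ]; then
        echo "OK: wp-admin is mode 000"
    else
        echo "FAIL: wp-admin is still accessible ($bits)"
        status=1
    fi
    # Assumption: visitors are served through the "other" read bit.
    for f in "$docroot" "$docroot/index.php" "$docroot/wp-content"; do
        [ -e "$f" ] || continue
        bits=$(perm_bits "$f")
        case $bits in
            ??????r??) echo "OK: $f is world-readable" ;;
            *) echo "FAIL: $f is not world-readable ($bits)"; status=1 ;;
        esac
    done
    return $status
}

# Run the check when a docroot is given on the command line.
if [ "$#" -gt 0 ]; then
    check_wp_admin_lockdown "$1"
fi
```

This only inspects file permissions; still load the blog and the admin URL in a browser to confirm the behaviour visitors see.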
This should seal off admin access. If all goes well, you will need to enter the directory protection password you selected above to get admin access, before Wordpress will even prompt you for your admin password.
Please check this very carefully, and make sure normal access to your Wordpress blog is not affected.
Once a fix is released, you should upgrade your Wordpress installation. And then, if you wish, you can undo the directory protection by following essentially the same instructions to select the directory, but then leaving the “Protection Enabled” checkbox blank before doing the Save.