{"id":332,"date":"2006-07-27T19:54:31","date_gmt":"2006-07-27T18:54:31","guid":{"rendered":"http:\/\/www.zarrelli.org\/new_blog\/?p=332"},"modified":"2006-07-27T19:54:31","modified_gmt":"2006-07-27T18:54:31","slug":"critical-announcement-affecting-all-wordpress-users","status":"publish","type":"post","link":"https:\/\/www.zarrelli.org\/blog\/critical-announcement-affecting-all-wordpress-users\/","title":{"rendered":"Critical Announcement affecting ALL WordPress users"},"content":{"rendered":"<blockquote><p>\nIf you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, <strong>DISABLE IT IMMEDIATELY<\/strong> (in wp-admin >> options: make sure \u201cAnyone can register\u201d is not checked).<br \/>\nAdditionally, delete or disable ANY guest account already created by people you are not sure about.<br \/>\nLeaving it open and letting people sign up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don\u2019t wait a second to disable this option and please relay the message.<br \/>\nWordPress dev team has been notified a while back and I dare hope they will soon start acting on it, if only by relaying a similar announcement through the official channel (as well as, of course, releasing a proper patch).<br \/>\nSorry for the shrill hysterical tone, but this is a big deal. However, disable that one option and you are fine, no need to panic further \ud83d\ude42<br \/>\n[cheers go to Geoff Eby for discovering and bringing this insane security exploit to my attention]<br \/>\n<strong>Update<\/strong>: a small follow-up addressing comments and concerns I have received ever since this last warning, is <a href=\"http:\/\/unknowngenius.com\/blog\/archives\/2006\/07\/27\/followup-on-wordpress\/\" target=\"_blank\">posted here<\/a>. 
Feel free to ignore completely unless you really care about inner WordPress politics (yawn).\n<\/p><\/blockquote>\n<p>[Via <a href=\"http:\/\/unknowngenius.com\/blog\/archives\/2006\/07\/26\/critical-announcement-to-all-wordpress-users\/\" target=\"\">Dr. Dave<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin >> options: make sure \u201cAnyone can register\u201d is not checked). Additionally, delete or disable ANY guest account already created by people you are not sure about. Leaving &hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[126,490],"class_list":{"0":"post-332","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-blog","7":"tag-security","8":"tag-wordpress","10":"without-featured-image"},"_links":{"self":[{"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/posts\/332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/comments?post=332"}],"version-history":[{"count":0,"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/posts\/332\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/media?parent=332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/categories?post=332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zarrelli.org\/blog\/wp-json\/wp\/v2\/tags?post=332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}