Dr Dave has announced that there is a security exploit affecting WordPress 1.5 and WordPress 2.0.
In a nutshell, stuff could happen to your blog if you don’t turn off “Anyone can register” on your WordPress options. If it’s on, DO IT NOW. Dr Dave adds that you should also disable any guest accounts you are unsure about.
I have no idea what the hell is going on - but take it from Dr Dave and disable it now. There is no real known proof about this exploit, but I am going to take it as a matter of trust to a respected blogger who is also the developer of Spam Karma. Let’s hope the WordPress dev guys realize this and patch it - really wicked quickly. Do not hesitate - disable it on your blog now. Dr Dave can’t give us anything on the exploit since not enough blogs are protected now - information may fall in the wrong hands and the exploit may come.
The last word is to take Dr Dave’s word - he’s tested it and it’s “shown to exist with varying levels of danger on all versions of WP up to the very last one.”
Notified by Kamigoroshi on IRC.
Today marks the release of the 1.0 version of Minimalistica (public release), the theme that you currently see on my blog. Created sometime in March 2006 and packaged for release today, Minimalistica is a theme that is another proof of the rule that beauty exists in simplicity.
Minimalistica is a sleek, cleak skin with light grays, faint stripes, gradients, and drop shadows. And some whitespace.
I was planning to release this theme once I had time to do so - packaging this theme took more than two hours. I’m sure someone will use it somehow. Well, I hope so.
If you use this theme, please consider pledging to sponsor me in Blogathon 2006. More information can be found in that thing that’s on your right side of your screen that has the big red Pledge! button.
You can find more information and a download link here: http://stevenbao.com/minimalistica. Enjoy.