Word­Press Stray­horn is Safe

via Linux worm tar­gets PHP flawDon’t Pan­ic! Word­Press is Secure

That is incor­rect. Word­Press 1.5 or high­er is safe. Since the release of ver­sion 1.5, Word­Press has used a com­pletely dif­fer­ent XML-RPC lib­rary, called IXR.

Older WP ver­sions (1.2.x and earli­er) are vul­ner­able, how­ever. If for some reas­on you are still run­ning a pre‑1.5 ver­sion of Word­Press, you should upgrade imme­di­ately to the latest ver­sion, Word­Press 1.5.2 “Stray­horn”. If upgrad­ing poses a prob­lem for some reas­on, and if you don’t need ping­backs or blog cli­ent API func­tion­al­ity, simply delete the class-xmlrpc.php and class-xmlrpcs.php files from your installation’s wp-includes dir­ect­ory (but you really should upgrade).

WP1.5以上を使ってる分には上記の脆弱性で取り上げられているXML-RPCとは違うXML-RPCライブラリを使っているため問題無いみたい。問題なのは1.2.x以下のバージョンだそうです。pingback や ブログクライアントAPIを使わない方に限る応急処置としては /wp-inclueds/class-xmlrpc.php/wp-inclueds/class-xmlrpcs.php を削除する事だそうです。でも早急に1.5以上のバージョンへアップグレードしなさいといってます。


aka Written by: