Comments disabled due to WordPress vulnerability

UPDATE 2014-11-10: WP 4.0 is not vulnerable.

The commenting feature on this blog has been temporarily disabled (using the Disable Comments plugin) due to an apparently discovered vulnerability in all current versions of WordPress. The details of the vulnerability have not been published yet, but WordPress will publish fixed versions in the next few days.

I’m not certain disabling the comments will fully fix the vulnerability since no details have been published, but disabling commenting on all WordPress sites is something I’d recommend to everyone, just in case.

More information about the vulnerability in Finnish:
https://www.viestintavirasto.fi/tietoturva/tietoturvanyt/2014/11/ttn201411041006.html
http://klikki.fi/adv/wordpress_ennakko-fi.html

EDIT: There are rumours that the vulnerabilities are even worse. In order to prepare for that, I’ve now disabled write access to the database from my blog user, and removed write access to the file system as well, until more actual information is available. I’ve also wrapped an extra layer of tinfoil around my head.
