- eJoneClicks.com - http://ejoneclicks.com -

Serious Vulnerabilities in Wordpress 2.0.1

Posted By eJone On 3rd March 2006 @ 11:20 In Click News, Security | No Comments

Being new to Wordpress, I scour the web as much as possible to learn more about it. Nothing scares me more than finding out that it can be hacked into, especially when I don’t know much about it. According to CountZero on his [1] blog, multiple security vulnerabilities were found in Wordpress 2.0.1 (which is what I’m using at the moment) by a Spain-based security research team called Neo Security Team (NST). You can find the [2] full published advisories on their website.

There is currently a discussion thread on the [3] Wordpress support site regarding this, with mentions of the new 2.0.2 in the works to fix the problems. CountZero has even kindly provided instructions and a small patch to fix what he thinks are the two major issues.

Using the techniques mentioned in the NST article, I have briefly tried a so-called “attack” on my own website. However, it doesn’t seem to work. I haven’t tested it thoroughly though, so it may still work. Skimming through the thread on the Wordpress support site has led me to believe that this is a server configuration issue rather than a Wordpress problem. This may only affect those who are running their own servers.

In any case, I don’t think there is anything wrong with letting other Wordpress users know about it, since it’s always good to exercise caution when dealing with the marvellous world of the Internet.

I for one shall patiently await the next release of Wordpress.



URL to article: http://ejoneclicks.com/2006/03/03/serious-vulnerabilities-in-wordpress-201/

URLs in this post:
[1] blog: http://www.4null4.de/118/severe-security-vulnerabilities-in-wordpress-detected/
[2] full published advisories on their website: http://neosecurityteam.net/index.php?action=advisories&id=17
[3] Wordpress support site: http://wordpress.org/support/topic/63115
