http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/ Sat, 10 Jan 2009 00:15:49 +0000 http://wordpress.org/?v=2.7 hourly 1 http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/comment-page-1/#comment-75148 banane Sun, 16 Dec 2007 05:04:25 +0000 http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/#comment-75148 Oh- thanks Matt! It's not in the footer, but at the end of a post, the individual post content, which users can't see, you can only see if you "view code" in the interface. I will change the db password, seems like the best idea. Oh- thanks Matt! It’s not in the footer, but at the end of a post, the individual post content, which users can’t see, you can only see if you “view code” in the interface. I will change the db password, seems like the best idea.

]]> http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/comment-page-1/#comment-75113 Matt Sun, 16 Dec 2007 02:28:52 +0000 http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/#comment-75113 If there is spammy HTML in the footer.php of a theme, it's unlikely that it has anything to do with the cookie thing, it's more likely file permissions and/or an old XML-RPC problem. The cookie thing only applies to you if they've already read your database directly, which is not possible if you're on a secure version, and changing your password protects you if they have. I wouldn't attempt to apply the phpass patch by hand. If there is spammy HTML in the footer.php of a theme, it’s unlikely that it has anything to do with the cookie thing, it’s more likely file permissions and/or an old XML-RPC problem. The cookie thing only applies to you if they’ve already read your database directly, which is not possible if you’re on a secure version, and changing your password protects you if they have. I wouldn’t attempt to apply the phpass patch by hand.

]]>