Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

WordPress 1.5.x safe from XML-RPC worm

In case you didn’t already see my post over on the WordPress Development Blog, rest assured that WordPress is safe from the recently announced PHPXMLRPC worm. Some of the articles about this worm point to old information indicating that WP 1.5 is vulnerable, but that is incorrect. Versions 1.2.x and earlier are in danger, however. So if you have any older WP installations, you should upgrade them immediately, or delete the xmlrpc class files as indicated in the post I made on the main WP site.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Blogs, News, Security, Tech, WordPress and tagged , , , . Bookmark the permalink.

4 Responses to WordPress 1.5.x safe from XML-RPC worm

  1. Pingback: Datenrettung

  2. Pingback: Gratoria.com » Blog Archive » dashboard

  3. Doug says:

    There is something going on that is effecting WordPress sites, though. All of my WordPress sites were down a couple days ago. My host fixed it but they didn’t say what the issue was.

    I’ve seen this on other WordPress sites over the last couple days. For example, Matt’s site seems to be having similar problems at the time of this writing. In Safari, I see an error like this: Safari can’t open the page “http://photomatt.net/”. The error was: “lost network connection” (NSURLErrorDomain:-1005). FireFox just shows a blank page.

    From the command line, I see: $ curl -v http://photomatt.net/
    * About to connect() to photomatt.net port 80
    * Trying 72.36.230.250… * connected
    * Connected to photomatt.net (72.36.230.250) port 80
    > GET / HTTP/1.1
    User-Agent: curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7g zlib/1.2.3
    Host: photomatt.net
    Pragma: no-cache
    Accept: */*
    * Empty reply from server
    * Connection #0 to host photomatt.net left intact
    curl: (52) Empty reply from server
    * Closing connection #0

    When my sites were down, I could get to any of my static pages, but anything WordPress gave errors like those above.

    Any idea what’s going on?

  4. Dave says:

    Thanks for the info. That the bad thing about the web, rumor and incorrect info gets passed around like wildfire.

Leave a Reply

%d bloggers like this: