[wp-hackers] SQL Injection again

Jason Bainbridge jbainbridge at gmail.com
Wed Jun 22 13:50:55 GMT 2005

On 6/22/05, Podz <podz at tamba2.org.uk> wrote:
> http://wordpress.org/support/topic/37216

Semi-related to this, I know the dashboard by default already includes
the last handful of posts from the WP Development blog that lists any
updates but a lot of the time I just breeze past that page so I don't
realize there are any updates. Now of course you could say the due
diligence should be on me to read it, but wouldn't it be a good idea
to make security alerts stand out so people see it and understand that
it is important they upgrade straight away?

Also it might be a good idea if we recommended people used a table
prefix other than the default and if possible use a MySQL database
user that only has access to the WP database and that doesn't have
DROP privileges, this would help restrict what someone could do with
an SQL injection attack. I had a quick look in the Codex but couldn't
see anything along the lines of how to harden your WP install at all
so is this something worthwhile looking into?

Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com
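The database-user restriction suggested in the message above, as an added example that is not part of the original post: MySQL statements that create an account limited to a single database and without DROP, followed by queries to verify the result. The database name `wordpress`, the account name `wp_app`, and the password placeholder are assumptions.

```sql
-- Added example; `wordpress`, 'wp_app' and the password are placeholders.

-- Too broad: an injected statement running under an account like this
-- can read or destroy every database on the server.
--   GRANT ALL PRIVILEGES ON *.* TO 'wp_app'@'localhost';

-- Restricted: a dedicated account that can only connect locally.
CREATE USER 'wp_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- Row-level privileges on the one WordPress database only.
-- No DROP, ALTER, CREATE, FILE or GRANT OPTION.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON `wordpress`.*
    TO 'wp_app'@'localhost';

-- Check 1: list what the account actually holds.
SHOW GRANTS FOR 'wp_app'@'localhost';

-- Check 2: no server-wide privileges. USAGE means "may log in" and
-- nothing else, so this query should return zero rows.
SELECT PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''wp_app''@''localhost'''
   AND PRIVILEGE_TYPE <> 'USAGE';

-- Check 3: nothing outside the WordPress database and nothing beyond
-- the four row-level privileges. This should also return zero rows.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''wp_app''@''localhost'''
   AND (TABLE_SCHEMA <> 'wordpress'
        OR PRIVILEGE_TYPE NOT IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE'));
```

Schema changes made during installs and upgrades need CREATE and ALTER, so those are run under a separate administrative account or with the extra privileges granted only for the duration of the upgrade and revoked afterwards.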
