[wp-hackers] SQL Injection again

Jason Bainbridge jbainbridge at gmail.com
Wed Jun 22 13:50:55 GMT 2005


On 6/22/05, Podz <podz at tamba2.org.uk> wrote:
> http://wordpress.org/support/topic/37216

Semi-related to this, I know the dashboard by default already includes
the last handful of posts from the WP Development blog that lists any
updates but a lot of the time I just breeze past that page so I don't
realize there are any updates. Now of course you could say the due
diligence should be on me to read it, but wouldn't it be a good idea
to make security alerts stand out so people see it and understand that
it is important they upgrade straight away?

Also it might be a good idea if we recommended people used a table
prefix other than the default and if possible use a MySQL database
user that only has access to the WP database and that doesn't have
DROP privileges, this would help restrict what someone could do with
an SQL injection attack. I had a quick look in the Codex but couldn't
see anything along the lines of how to harden your WP install at all
so is this something worthwhile looking into?

Regards,
-- 
Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com
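The restricted database account suggested above, written out as an added example (not part of the original message or of WordPress itself). It assumes a database named `wordpress`, an account `'wp_app'@'localhost'`, and a placeholder password; the weak setting it replaces is shown commented out for contrast.

```sql
-- Added example, not from the original post or from WordPress.
-- Assumed names: database `wordpress`, account 'wp_app'@'localhost'.

-- Weak setting this replaces: an application account with every privilege
-- on every database, so an injected statement could drop or read tables
-- far beyond the WordPress schema.
-- GRANT ALL PRIVILEGES ON *.* TO 'wp_app'@'localhost';   -- do not do this

CREATE USER 'wp_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';

-- Privileges limited to the WordPress database only.
-- CREATE, ALTER and INDEX are kept because WordPress upgrades change the
-- schema; DROP is deliberately omitted, as the post suggests, so a table
-- cannot be dropped through an injected query.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX
  ON wordpress.* TO 'wp_app'@'localhost';

-- If the account already existed with a broader grant, take DROP away:
-- REVOKE DROP ON wordpress.* FROM 'wp_app'@'localhost';

FLUSH PRIVILEGES;

-- Verify the result: the output should list only the privileges above,
-- scoped to `wordpress`.*, and no DROP.
SHOW GRANTS FOR 'wp_app'@'localhost';
```

The other recommendation in the post, a non-default table prefix, is set separately through `$table_prefix` in wp-config.php and does not need any database-side change.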

