Serious Security Flaw in WordPress allows Site Visitors to Take Over your Blog

Fri, Jun 26, 2009

Security, WordPress


Jeff Starr discovered a serious vulnerability in WordPress when his server crashed and his blog completely lost its connection to the MySQL databases. When WordPress encounters a database error, it normally shows a default error page with the details of the error. This is not the case for all database errors, however: if your WordPress blog completely loses its database connection, or your database is entirely missing, WordPress assumes that it has not yet been installed and serves the installation page to your blog/site visitors.

[Image: WordPress installation page]

This may eventually allow anyone to take over your entire blog.

[Image: success page shown after WordPress is installed]

For more info on this issue and its fixes, refer to Jeff Starr’s post “important security fix for Wordpress”.

(images via Perishable Press)
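
The simplest fix named in the comments below is to delete wp-admin/install.php once the site is installed. As an added example (not code from this post or from Jeff Starr's article), this POSIX shell script finds configured sites under a web root that still carry the installer and optionally removes it; the function names and the `--delete` flag are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit a web root for installed WordPress sites that still
# have wp-admin/install.php. Function names and --delete are hypothetical.
# Assumes paths contain no newlines. Variables are prefixed because POSIX sh
# has no function-local variables.

# find_exposed_installers ROOT
# Prints each install.php that belongs to an already-configured site.
find_exposed_installers() {
    find "$1" -type f -path '*/wp-admin/install.php' 2>/dev/null | sort |
    while IFS= read -r fe_installer; do
        fe_site=${fe_installer%/wp-admin/install.php}
        # Configured means wp-config.php sits in the site root, or one level
        # up when that parent is not itself a WordPress root.
        if [ -f "$fe_site/wp-config.php" ] ||
           { [ -f "$fe_site/../wp-config.php" ] &&
             [ ! -f "$fe_site/../wp-settings.php" ]; }; then
            printf '%s\n' "$fe_installer"
        fi
    done
}

# harden_installers ROOT [--delete]
# Reports exposed installers; with --delete, removes them.
# Returns 0 when none remain, 1 when at least one is still present.
harden_installers() {
    hi_status=0
    hi_list=$(find_exposed_installers "$1")
    [ -n "$hi_list" ] || return 0
    while IFS= read -r hi_installer; do
        if [ "${2:-}" = "--delete" ] && rm -f -- "$hi_installer"; then
            echo "removed: $hi_installer"
        else
            echo "exposed: $hi_installer"
            hi_status=1
        fi
    done <<EOF
$hi_list
EOF
    return "$hi_status"
}

# When called with arguments, e.g.: sh wp-installer-audit.sh /var/www --delete
[ "$#" -eq 0 ] || harden_installers "$@"
```

Without `--delete` the script only reports and exits non-zero when an exposed installer is found, which suits a cron or monitoring check. Re-run it after every WordPress upgrade, since an upgrade can put the file back.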



5 Responses to “Serious Security Flaw in WordPress allows Site Visitors to Take Over your Blog”

  1. Curious Little Person Says:

    Thanks for the info… but how do we protect ourselves from this?

    Cheers
    Sandeep


    • Hariharakumar Says:

      @Curious Little Person

      I have placed the link of the source article where you will find some fixes to this issue, but anyways the simplest fix is to delete the wp-admin/install.php file entirely. It is not needed after installation.


  2. Anish K.S Says:

    Thanks for sharing the info.


  3. Rahul Says:

    So, what's the solution?


  4. Pavan Somu Says:

    Hahah, fellows can easily steal our accounts


