robfay

One other thing: I’ve noticed that password-protecting posts does not hide them from the public on the wordpress.com hosted instance! Other than prefacing the post as “Protected,” the message can still be read by an unregistered user!

I’ve just created a wordpress instance on the wordpress.com hosted site. I did it as a way to better enable communication with my team at work.

Problem is, some of the communications will likely be proprietary and I’d rather than a private post feature that only lets registered users (my team) view these private communications. Right now a private post is restricted to the person who created it – seems silly to me.

Any ideas?

What other precautions might I try? Should I change webhost account passwords along with wordpress passwords? Are these vulnerable as a result?

It already appears that I might be getting a bit more comment spam than before, but that could be my imagination.

Will that line of code in the.htaccess file resolve the issue? I am thankful that you are aware of this issue and will quickly resolve it.

Let me provide you with some motivation – a nightmere result of this vulnerability hits a novice – me! I got hit within the last 24 hours through this exploit and an IRC bot got onto my server. My webhost suspended my account (thinking it was my maliciousness – later pointed me to this post and realized it wasn’t me) and I just about lost it! I have a big demo in less than two hours, so I had to explain that I’m no sysadmin or programmer – just know enough html and css to get by using wordpress. Thankfully, he appeared to resolve the issue and reinstated my account. Whew! Website back up!

Thanks for looking into and resolving this serious issue.

Greetings!

1. Are most people here now reliably using Ryan’s plugin?

2. When I create the plugin, I assume I drop it into my plugin directory?

3. Can people post more examples of their sites having followed this method?

Thanks