WPMU Security Update

If you run your own installation of WordPress (and you’re paying attention to security) you’ve probably heard quite a bit of talk recently about a couple issues that could lead to a compromise of your blog.

I won’t go into too much detail here on the exploits, but they’re definitely out there, “in the wild”, as they say, because I’ve seen quite a few hacked blog posts show up in my RSS feeds in the last couple days.

This prompted me to get to work on patching these issues in WordPress MU. I put together a patch that addresses the two main issues: stored password hashes not being salted, and the cookie authentication vulnerability. (See those last two links for detailed discussion on the problems.) If you’re running WPMU, I suggest applying this patch to keep your installation safe.

The patches have already been applied to the standard version of WordPress, but not in a released version yet. This may be complicated for those of you running regular WP, because there are a ton of other significant changes that have also been committed to the SVN repository, and you may not want some of those in your day-to-day install yet (specifically, the unfinished redesign of the admin UI).

The changed files are all the same as in my patches, though (only the line numbers will be different), so you could probably use them to figure out what you need to change in your own installation to apply the security fixes without the other current changes.
