
WordPress 'Concern' (title edited)
I won't get into that, though.
The Danger/Concern is...
There's this file located in your /wp-includes/ folder that's called registration.php.
It essentially allows you to insert users into your WP user table on the fly. Thing is, it doesn't ask for any type of authentication!!
That means that anybody that knows about this file and a little bit of PHP can basically insert users into your WP database. This is bad.
I'm not gonna get into all that could happen; just FIX the possibility of someone hacking you by doing the following: (this is just off the top of my head and I have NOT tested this so I'm not sure if it will affect anything else -- but, I don't think it will because it seems that this file was put in place specifically for the purpose of inserting users outside of the normal channel).
That being understood...
Simply rename that file to something only you know. <-- NOT the answer
EDIT: I'm still looking for a solution that would be easy to implement. "I" could easily just add an IF statement that looked for a secret key; but, that wouldn't be very easy for non-coders. So, I'll keep looking.
I did some frantic searching and didn't find anybody yelling about it or complaining. The WP codex talks about it rather gingerly, like it's no big deal.

Do this NOW if you're wanting to protect your WP site(s) from being hacked.
One thing that could happen is someone adding themselves to your WP user database as an Admin and wreaking havoc on your blog. That would suck!
OK.. I warned ya. Hope you take heed.
IF someone with more WP expertise than me has something more elegant OR knows for a FACT that this cannot hurt our blogs, PLEASE speak up.
Thanks.
HTH
PLP,
tecHead
Edited for those coming behind us reading this thread.
Automation is the primary conduit to successful relaxation