Dom Latter said:
- don't install Wordpress unless you can stay on
top of updates 24/7.
A bit cruel given how many websites use WordPress: it's not surprising
that some get hacked. It's been a while since there's been a remote
exploit - the vast majority of problems have been with user rights
escalation, where mere users can behave like admins, so the real
advice is
Don't install WordPress and let anyone you don't trust completely have
an account on it.
Don't have a WP user called 'admin' either - the vast majority of
attempts at WP password hacking try for that one - and add a plugin to
catch and block these anyway.
Quick check at Secunia for WP3: one unpatched vulnerability (attackers
can determine valid user names, but clearly don't), then looking up
the list of patched ones, it's user rights, user rights, attackers
could insert stuff into links with comments (2010), user rights, a
denial of service related to comments (2011), user rights, user
rights, and finally user rights :)
There are quite a few plugins with published issues though, so we
could add 'be careful about which plugins you install'.
Ian