Fix wp-login.php

There appears to be a few lines of code within wp-login.php of WordPress 1.2.1 (Mingus) or 1.3-alpha-5 (nightlies) that could allow someone to …bah. I can’t explain it as well as the others, and it’s really late (early) in the morning. I basically just got home to find that I needed to fix this.

The IT Kitchen got hacked, and Shelley wrote on how to repair it. I would’ve never found out about this if my links page didn’t indicate that podz had a new post today. I love RSS and blogs. I hope more people realize how great those tools really are.

Note: In my wp-login.php file, the offending lines were right after line 151. I’m not running the 1.3 alpha, and I’m confused because podz and One Fine Jay mentions two different sections of lines.

I’ll clarify. With a default WP 1.3 alpha download, it’s in lines 48 and 49; with a default WP 1.2.1 download, it’s in lines 153 and 155. WP 1.2 users should update to 1.2.1.

Published by

Bryan Villarin

Bryan is a Trust & Safety Wrangler at Automattic. He's also a photographer, card magician, and cat whisperer. (Thanks to my friend and colleague Steve Blythe for the sweet photo!)

One thought on “Fix wp-login.php”

Talk to me, Goose

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s