A WordPress bug you should know about

Quick PSA for my fellow WordPress users: Like me, you may not pay much attention to the announcements about upcoming WordPress versions. However, hidden in the most recent version announcement is news about a newly discovered bug that makes it possible for anyone to see your draft posts if they know a certain URL trick. (You may prefer not to have that happen, particularly if you use your draft posts as a scratchpad.)

Fortunately, you don’t have to upgrade to the entire latest version of WordPress to fix this bug, if you aren’t inclined to go through that at the moment. You can manually edit two of your files instead for a quick fix. See “Attachments” (both of them) on the page linked to above – delete the red lines, add the green lines. (Just make sure you make backup copies of those two files ahead of time, in case something goes wrong.) Note: WordPress.com users shouldn’t have to worry about this, as their version of WP will no doubt be automatically updated by the service; this is just for people who run WP off their own servers.

One thought on “A WordPress bug you should know about

Comments are closed.