I was reading around today, after cleaning up a website that got hacked, when I saw an example of a vulnerability that exists in WordPress 2.6.1. The security hole is this:
Imagine a blog running WordPress 2.6.1 at www.hackme.com. When you enter http://www.hackme.com/wp-login.php?action=register in your address bar, the new user registration page comes up.
Next, enter the user name “admin x” (with 52 space characters between “admin” and “x”), type your e-mail address in the next text box and click Register. This effectively clones the “admin” user name. A password arrives at your e-mail address shortly, but you will not be able to log in with it directly. So open the same page again, click “forgot password”, enter your own e-mail address, and you will receive a link to reset the admin password. Once you click the reset link, a new password is generated and sent to the real owner of the website.
Now, although nobody can log in with that password, this is very annoying and can even be used as a denial-of-service attack by continually resetting the admin’s password. How can you address the issue? Either upgrade to WordPress 2.6.2 or disable user registration.
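As an added illustration of the registration-side check a site owner would want (this is example code, not from the post or from WordPress), here is a Python validator that rejects padded or look-alike user names before they reach the database. The 60-character column width and the exact character whitelist are assumptions; the post does not state them.

```python
import re

# Assumption (not stated in the post): the login column has a fixed width and
# silently truncates longer values, so uniqueness must be checked on what would
# actually be stored, not on the raw string the visitor typed.
USER_LOGIN_MAX_LEN = 60  # assumed column width

# Assumed whitelist: letters, digits, underscore, dot and hyphen; no whitespace at all.
LOGIN_PATTERN = re.compile(r"[A-Za-z0-9_.-]{1,%d}" % USER_LOGIN_MAX_LEN)


def normalized_login(username, max_len=USER_LOGIN_MAX_LEN):
    """Canonical form used for the uniqueness check.

    Truncate to the stored width, drop trailing spaces (which padded names rely
    on) and case-fold, so "admin", "Admin" and "admin<spaces>x" all collapse to
    the same key.
    """
    return username[:max_len].rstrip(" ").lower()


def validate_registration(requested, existing_users):
    """Decide whether a requested user name may be registered.

    Returns (ok, reason). A name is refused if it contains any character
    outside the whitelist (this alone blocks the space-padded "admin x" trick)
    or if its normalized form collides with an existing account.
    """
    if not LOGIN_PATTERN.fullmatch(requested):
        return False, "user name must be 1-%d characters: letters, digits, _ . -" % USER_LOGIN_MAX_LEN
    taken = {normalized_login(u) for u in existing_users}
    if normalized_login(requested) in taken:
        return False, "user name is already taken"
    return True, ""


if __name__ == "__main__":
    # Constructed sample: the padded name from the post against an existing admin.
    padded = "admin" + " " * 52 + "x"
    print(validate_registration(padded, ["admin"]))   # rejected: whitespace
    print(validate_registration("Admin", ["admin"]))  # rejected: case-fold collision
    print(validate_registration("alice", ["admin"]))  # accepted
```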
