WordPress 2.8.4 has been released to the public. This version is to patch a vulnerability that was discovered yesterday.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
WordPress 2.8.4 can be downloaded from here: Download Link
Source: WordPress.org
Get the plugin WP-DB-Backup. Install this into your WordPress blog under the plugin folder and activate it. Under ‘Tools’ there will be a Backup button that you can press. This is the area where you can set up an option to have this database emailed to you on a daily basis or at least once each week. Make sure you use an email that is not connected to your current hosting account in case the whole host gets attacked. Now you have your database automatically backed up.