First, delete links.all.php if you have it. The upgrade files and installation files, just as wp-install.php, upgrade-070-to-071.php, and the two you listed are not a security problem if you leave them, but to keep things I always delete them once I’m done installing or upgrading.
Anonymous
Is there a security risk in file: (root)/wp-links/links.all.php ?
Yes, and it is being actively exploited. That’s why we’ve said in the announcement email and in the forums to delete it, and it has been removed from the release.
Thread Starter
john
(@john)
How about the chmod thing for sensitive files–if there are any? And thank you for the quick response. I made sure I didn’t have those files in my folders.
John
I can’t think of any WordPress-specific instructions for sensitive files. The normal precautions taken for other web software should apply here.
