So, this WordPress security update is important of course.

So, this WordPress security update is important of course. But included in the article below is a very amusing note that WordPress also instituted a maximum password length of 4096 characters. Surely that’s to avoid a denial-of-service as an attacker pushes a multi-megabyte password through the server crypto. But really, a 4096-character password? I hope you’re using a password manager for that one!

Originally shared by Naked Security

WordPress users – make sure you’ve upgraded.

https://nakedsecurity.sophos.com/2014/11/24/wordpress-issues-critical-fixes-closing-remotable-bug-and-more