WordPress 2.8.5: Security Release

What with the name of this website being “Inspired By Wordpress”, I personally feel that I have a responsibility to make it known when there is a new WordPress release available.

Yesterday the latest version of WordPress (2.8.5) was released, but what's new? Anything? On the visual level, nothing. But behind the scenes the guys behind it have made a few changes. Rather than trying to explain all of these, I figured it would be best if I took it straight from the WordPress Blog.

The headline changes in this release are:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

WordPress recommends that everybody upgrade to this version as soon as possible because of the new security fixes.

They are also including a note for everybody who thinks that they have been hit by the recent exploit. They are recommending that everybody in this situation uses the WordPress Exploit Scanner immediately.

If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner.  This is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

I do hope that nobody reading this has suffered from the exploit, but if you have, do follow their advice, as they do know what they are talking about. Follow their advice and keep WordPress up-to-date and you should be fine.
