Wordpress 2.3.3


Recommended Posts

As most will know if you log into your blog using Wordpress that theres an update but incase you don't...

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you?re updating WP and your plugins, consider refreshing your passwords.

[Download[/b]b>]

Link to comment
Share on other sites

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

Link to comment
Share on other sites

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

:|

Would people that low to do stuff like that?

I update all the time now never used to update with the small fixes.

Link to comment
Share on other sites

:|

Would people that low to do stuff like that?

I update all the time now never used to update with the small fixes.

Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

Link to comment
Share on other sites

Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get massive amount of traffic, but at least 10% is people trying exploits.

Link to comment
Share on other sites

I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get massive amount of traffic, but at least 10% is people trying exploits.

I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Link to comment
Share on other sites

I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Sometimes you see yourself as a kindergarten employee, don't you..? :p

I'm sure I would..

Link to comment
Share on other sites

Is that automatic upgrade process reliable... unless Wordpress got rights to it and licenced it under its own future releases, I won't be relying upgrading on a plugin. A hassle yes.

Link to comment
Share on other sites

I don't mind the upgrade process actually and I find it "scary" to use a plug-in for updating. This will need you CHMOD your files to 0777 not?

Link to comment
Share on other sites

Is that automatic upgrade process reliable... unless Wordpress got rights to it and licenced it under its own future releases, I won't be relying upgrading on a plugin. A hassle yes.

Well It just downloads the latest zip file, and extracts it over the directory.

I does the same thing as I would do over FTP. So I don't see how it can go wrong. (Or more wrong than me doing it) :p

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.