Skip to Content

Free TUAW iPhone app -- try it now!
AOL Tech

security update posts

Filed under: Security, Blogging, web 2.0

WordPress 2.5.1 security update

by Christina Warren Apr 26th 2008

The WordPress team has released version 2.5.1 of the blogging software. The new version, which comes nearly a month after the initial release fixes a slew of performance and interface bugs, but also includes a very important security update. It is highly reccommended that all WordPress 2.5 users update their installations as soon as possible, especially if you allow open-registration (for user comments or for multi-author blogs).

In addition to the aforementioned security patch, 2.5.1 contains a number of fixes to issues that have plagued some WordPress users for the last couple of weeks.

The highlights include
  • Improvements to the Media Uploader
  • Performance tweaks for the Dashboard and the Write and Comments pages
  • TinyMCE has been updated
  • Layout fixes for IE users
Download the latest version of WordPress from their site and update your installations accordingly.

Tags: security update, SecurityUpdate, wordpress, wordpress 2.5, Wordpress2.5

Filed under: Security, Blogging

WordPress releases urgent security update

by Christina Warren Feb 5th 2008

WordPress users might have noticed an upgrade notification in their Dashboard's today. This version, dubbed WordPress 2.3.3, has been released as an urgent security update.

The problem? Well for blogs with registration enabled, a hole in the XML-RPC implementation was found that could allow a user to edit the posts of other users on that blog.

The WordPress team has two update solutions. If you just want to update the xmlrpc.php file, you can download it here and import it directly to your main WordPress directory (overwriting the file that is in its place now). If you want the full 2.3.3 update, which includes a few minor bug fixes in addition to the XML-RPC exploit, download it here and follow the usual upgrade protocol.

Additionally, if you use the WP-Forum plugin, be aware that it is being actively exploited as a target for SQL injections. Please disable and delete the plugin until a fix is released.

Tags: security update, SecurityUpdate, wordpress

Featured Time Waster

The World's Hardest Game 2.0 - Time Waster

So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do. Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game. The mechanics of the game are very simple. You are a small red square, ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Microsoft Security Essentials
Chromium Pre-Alpha on CrunchBang Linux
Safari 4 Beta
10 Firefox themes that don't suck
IE8 RC1
Download Squad at the Crunchies After-Party
Download Squad at the Crunchies
WordPress 2.7
Cooking Mama: Mama Kills Animals
Windows 7 Hands On
Comodo Internet Security
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
Mozilla Birthday Cake
Palm stuff
Adobe Lightroom 1.1

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

Most Commented On (7 days)

Recent Comments

More Tech Coverage

AOL Radio