Skip to Content

Submit your nominations for the Luxist Awards' Best in Decor
AOL Tech

security update posts

Filed under: Security, Blogging, web 2.0

WordPress 2.5.1 security update

by Christina Warren Apr 26th 2008

The WordPress team has released version 2.5.1 of the blogging software. The new version, which comes nearly a month after the initial release fixes a slew of performance and interface bugs, but also includes a very important security update. It is highly reccommended that all WordPress 2.5 users update their installations as soon as possible, especially if you allow open-registration (for user comments or for multi-author blogs).

In addition to the aforementioned security patch, 2.5.1 contains a number of fixes to issues that have plagued some WordPress users for the last couple of weeks.

The highlights include
  • Improvements to the Media Uploader
  • Performance tweaks for the Dashboard and the Write and Comments pages
  • TinyMCE has been updated
  • Layout fixes for IE users
Download the latest version of WordPress from their site and update your installations accordingly.

Tags: security update, SecurityUpdate, wordpress, wordpress 2.5, Wordpress2.5

Filed under: Security, Blogging

WordPress releases urgent security update

by Christina Warren Feb 5th 2008

WordPress users might have noticed an upgrade notification in their Dashboard's today. This version, dubbed WordPress 2.3.3, has been released as an urgent security update.

The problem? Well for blogs with registration enabled, a hole in the XML-RPC implementation was found that could allow a user to edit the posts of other users on that blog.

The WordPress team has two update solutions. If you just want to update the xmlrpc.php file, you can download it here and import it directly to your main WordPress directory (overwriting the file that is in its place now). If you want the full 2.3.3 update, which includes a few minor bug fixes in addition to the XML-RPC exploit, download it here and follow the usual upgrade protocol.

Additionally, if you use the WP-Forum plugin, be aware that it is being actively exploited as a target for SQL injections. Please disable and delete the plugin until a fix is released.

Tags: security update, SecurityUpdate, wordpress

Featured Time Waster

Graveyard Shift - zombie-busting Time Waster

With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet. They key to getting good at Graveyard Shift is learning to use ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures
Microsoft Security Essentials
Chromium Pre-Alpha on CrunchBang Linux
Safari 4 Beta
10 Firefox themes that don't suck
IE8 RC1
Download Squad at the Crunchies After-Party
Download Squad at the Crunchies
WordPress 2.7
Cooking Mama: Mama Kills Animals
Windows 7 Hands On
Comodo Internet Security
Android First-look: Amazon.com MP3 Store
Android First-look: Twitroid
Google Reader Android
Android Hands-On
Twine 1.0
Photoshop Express Beta
Mozilla Birthday Cake
Palm stuff
Adobe Lightroom 1.1

 


Follow us on Twitter!

Flickr Pool

www.flickr.com

Most Commented On (7 days)

Recent Comments

More Tech Coverage

AOL Radio

Joystiq

TUAW

Daily Finance

Autoblog

Urlesque

Engadget

WoW

Switched.com

FanHouse