Heads up to all WordPress users! A new security update – WordPress 3.1.2 was just released a few hours ago. This security release addresses a vulnerability allowing Contributor-level users to improperly publish posts so everyone is strongly advised to update to this latest version especially if user registration is enabled on your WordPress-powered blog or website.

Aside from that, version 3.1.2 also fixes a few other bugs that didn’t make it in the previous version 3.1.1. Thanks to Andrew Nacin and Benjamin Balter for discovering about the security issue and informing the WordPress team about it.

You can download WordPress 3.1.2 and do the upgrade manually or you can choose to do it the easy way via the WordPress admin panel – Dashboard > Updates. Be sure to backup your WordPress database and deactivate all active plugins before performing the upgrade.

Just upgraded JaypeeOnline to WordPress 3.1.2 (manually) a few minutes ago and the upgrade process went smoothly, no issues with the current plugins I’m using.

The WordPress dev team has released the WordPress 3.0.4 security update to fix a core security bug in the HTML sanitation library. This particular version or release is classified as “critical” so all self-hosted WordPress users are advised to update/upgrade their WordPress installation ASAP!

Here’s an excerpt of the official announcement from the WordPress blog:

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

Special thanks and mention goes to Mauro Gentile and Jon Cave, the people who discovered and alerted the WordPress team about the vulnerabilities. Aside from the large number of available free themes and plugins, another thing that makes WordPress awesome is the involvement and support of its community.

Something related to WordPress 3.0.4, I came across Lorelle’s post and it mentions about Dreamhost users who haven’t upgraded to version 3.0.4 had issues logging into their dashboards and found out that some codes have been inserted into a large number of WordPress files.

If you haven’t upgraded your WordPress installation to WordPress 3.0.4, please spare a few minutes of your time to do so. Better safe than sorry folks!

You can download WordPress 3.0.4 manually from WordPress.org or do it automatically via the WordPress admin panel – Dashboard > Updates.

Another heads up for all WordPress users. The WordPress dev team just released another security update WordPress 2.8.4 to fix a vulnerability discovered yesterday.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

If you were trying to access JaypeeOnline earlier and got an error message or a Forbidden page, it was because I was upgrading my WordPress install to version 2.8.4. I strongly advice that you do the same thing and upgrade your WordPress install ASAP. I know I always say this but I don’t and won’t get tired of saying it – “Better safe than sorry”. Doing the upgrade will only take a few minutes of your time and in case you’re still new to WordPress and are not familiar with the process, the WordPress Codex has a dedicated page that contains a detailed process on how to upgrade WordPress.

To be honest with you guys, I also went through a phase where I thought about quitting from blogging. I don’t know but it seemed like I lost interest and sense of purpose in this blog and blogging in general. But because of the encouraging emails and instant messages I received from friends and loyal readers of this blog, I was inspired to go back. I realized that this blog is not just about me but it’s also about you, my readers. I really appreciate all your support inspite of the lack of updates and the month-long hiatus.

Anyways, the first thing I did was to upgrade my WordPress installation to version 2.5.1. Everything went smoothly and installation only took a few minutes. Before I did the upgrade, I got to read my friend Jhay’s post regarding the issues he had upgrading to WordPress 2.5.1. It turns out his blog was compromised and it was what caused the problem. I was alerted and I checked my blog’s database to see if it was also compromised. Fortunately for me there were no phantom users or plugins installed. It’s always a good practice to check your blog thoroughly every now and then just to be sure that everything is okay and secure.

Check out this post from WordPress Philippines that talks about the recent WordPress vulnerability/hack in detail.

Now that I’m back to blogging, I have a lot of catching up to do. I’ve got lots of RSS feeds to read, comments to reply to, blogs to visit and post comments to. I owe several people product/site reviews and I need to finish them. Don’t worry guys I haven’t forgotten about it and I promise to do them in the coming days.

Thanks for your continued support and hope you guys have a nice day!