WordPress 2.8.5: Hardening Release
Was checking some stuff on my WP Dashboard a few minutes ago when I noticed that there was notification advising me to upgrade to WordPress 2.8.5. Here’s an excerpt from the WordPress blog regarding this recent release:
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought we worth back-porting to the 2.8 branch so as to get these improvements out there and making all your sites as secure as possible.
WordPress 2.8.5 headline changes:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
Recently, there’s been a lot of attacks and exploits on WordPress blogs. Lately, I’ve been receiving a lot of notifications from the WordPress Firewall plugin regarding attacks on my blog. If you think that your blog has been compromised you can use the WordPress Exploit Scanner plugin to check your blog for any traces of exploits.
I’ve just upgraded my WordPress install to version 2.8.5 and I strongly suggest that you do too. It will only take a few minutes of your time and it won’t only make your blog more secure but it will also give you some peace of mind.
If you haven’t upgraded to WordPress 2.8.5, you are advised to do so immediately to avoid the risks of a DDOS attack and prevent future problems and headaches on your blog or website.