WordPress 2.8.5: Hardening Release


Was checking some stuff on my WP Dashboard a few minutes ago when I noticed that there was a notification advising me to upgrade to WordPress 2.8.5. Here’s an excerpt from the WordPress blog regarding this recent release:

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and making all your sites as secure as possible.

WordPress 2.8.5 headline changes:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

Recently, there have been a lot of attacks and exploits on WordPress blogs. Lately, I’ve been receiving a lot of notifications from the WordPress Firewall plugin regarding attacks on my blog. If you think that your blog has been compromised, you can use the WordPress Exploit Scanner plugin to check your blog for any traces of exploits.

I’ve just upgraded my WordPress install to version 2.8.5 and I strongly suggest that you do too. It will only take a few minutes of your time, and it will not only make your blog more secure but also give you some peace of mind.

If you haven’t upgraded to WordPress 2.8.5, you are advised to do so immediately to avoid the risk of a denial-of-service (DoS) attack through trackbacks and to prevent future problems and headaches on your blog or website.

Download WordPress 2.8.5 now!

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

6 Comments

  1. JP Habaradas

    October 21, 2009 at 1:45 PM

    @VC – This is just a hardening release that fixed a few bugs to keep your blog more secure and make it more ready for the next stable release – version 2.9.

    WordPress encourages but doesn’t force users to upgrade. If you don’t want to upgrade, it’s totally up to you. These upgrades are made to help us keep our blogs more stable and secure.

  2. V.C

    October 21, 2009 at 1:43 PM

    I don’t understand why they released the new version so quickly after the last update 2 months ago.
    I don’t see any changes in this new version. It’s not really necessary to upgrade.

  3. JP Habaradas

    October 21, 2009 at 9:35 AM

    @Jhay – Really? It’s been a while since that happened to me after I upgraded my WordPress install. But anyways, that upgrade.php page is just a confirmation, kinda like a formality. Hehe

  4. Jhay

    October 21, 2009 at 9:31 AM

    I think this is the first WP upgrade I applied that worked “out-of-the-box” because after I uploaded the files via FTP, it didn’t redirect me to the /wp-admin/upgrade.php page. :D

  5. JP Habaradas

    October 21, 2009 at 7:00 AM

    @jan – Good job! Now you can sleep better knowing that your blog has the latest version of WordPress. Yes, the WP Firewall plugin is a totally different plugin from the WordPress Exploit Scanner plugin.

  6. jan geronimo

    October 21, 2009 at 6:59 AM

    Done. I’ve upgraded mine to 2.8.5 already this morning… Is this WordPress Firewall plugin different from WordPress Exploit Scanner?
