WordPress just released version 2.6.5 a few hours ago to fix one security problem and three bugs. It is recommended that everyone upgrade to this release.

Here’s a little bit of information regarding the security issue and the three bugs that WordPress 2.6.5 fixes:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x…

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests.

Btw, if you’ve noticed the WordPress development team skipped from 2.6.3 to 2.6.5. That is not an error and is done purposely to avoid confusion with the fake 2.6.4 version that the fake WordPress site tried to distribute early this month.

If you’re not interested in doing a full upgrade but still make your WordPress installation secure, all you need to do is download version 2.6.5, copy wp-includes/feed.php and wp-includes/version.php and upload (overwrite existing files) them to your wp-includes folder.

I’ve already upgraded mine and I advise that you do the same thing. It only takes a few minutes to do plus you’ll have peace of mind that your WordPress blog is more secure. Make sure you only download from the real WordPress site. Better safe than sorry!

Download WordPress 2.6.5



Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.


  • JP Habaradas, November 29, 2008 @ 8:25 AM Reply

    @K – Yeah I know, I forgot to tell you that you could just remove the sensitive data like password and db name, etc or replace them with asterisks (*) so that the code doesn’t get changed.

    Even if you’re not worried about the RSS feed, it would be nice if it works as some people would want to subscribe to it.

    Let me know if there’s anything else I can do to help or when you’ve found a way to fix it. You’re welcome! :)

  • K, November 29, 2008 @ 8:24 AM Reply

    I don’t mind sending the files but — config file stores private information like password, log in, etc. Is that safe? I was thinking, maybe I’ll just have to wait for the latest wp version.

    I’m not worried with the use rss feeds, infact I see no point in using it, I guess it’s a choice whether we want to add it or not, pero parang something is missing in my blogging without an rss.

    I’m going to take a closer look with the errors. Will let you know. Thanks again.

  • JP Habaradas, November 28, 2008 @ 2:35 PM Reply

    @K – You’re welcome my friend! Is that so? If you don’t mind, can you send me a copy of your wp-config.php and header.php file? I just wanna take a look at it, just in case you missed something. Hope you’ll be able to fix this issue soon. :)

  • K, November 28, 2008 @ 2:31 PM Reply

    Thanks for the concerns, however I checked the config.php (for some reason my theme doesn’t have function.php) and did all that, still can’t see a whitespace in between.

    I will try the plugin on and off and see if it works. I think it’s all in the header php, just can’t find it correctly. I verified the feeder to validate what was causing the error, it says a line from xml or something breaks the code. No idea.

    TY Jaypee.

  • JP Habaradas, November 28, 2008 @ 2:20 PM Reply

    @Leon – Ei man, it’s been a while. Good to see you back here. I see, so how do you like the new version of WordPress? Did you experience any issues or incompatibilities with your themes or plugins?

    Btw, I’m about to post my article about getting ready for WordPress 2.7 and it would be nice if you can share your thoughts there too. Thanks for dropping by and have a great weekend! :)

  • Leon, November 28, 2008 @ 2:15 PM Reply

    I’m using the 2.7 beta myself.

  • JP Habaradas, November 28, 2008 @ 10:55 AM Reply

    @K – You mean your RSS feed stopped working when you upgraded to the latest version of WordPress?

    This might take a while but just try these and let me know if it fixes your RSS feed or not. We can try something else if all these fails. I know you’ve been tweaking/customizing your theme a lot lately, you might wanna check your theme (especially wp-config.php and function.php) files for any blank spaces (whitespace) between because thats what causes this error most of the time.

    You might also wanna check your plugins. Deactivate all plugins and reactivate them one-by-one while checking if your RSS feed is working or not. Let me know what happens ok?

  • K, November 28, 2008 @ 10:52 AM Reply

    I am trying to know how to fix my rss feed. I upgraded to the latest (like I always do) and it never worked. I don’t know what seemed to be the problem.


  • JP Habaradas, November 27, 2008 @ 2:55 AM Reply

    @expressregalo – You’re welcome! Btw, just curious, are you the owner of Express Regalo? :)

  • expressregalo, November 27, 2008 @ 2:54 AM Reply

    Good post. I never thought of it that way. Thanks for this entry.

    Arrielle Green

  • JP Habaradas, November 26, 2008 @ 4:05 AM Reply

    @joie – You’re welcome bai! Make sure you always check your WP Dashboard for updates.

    Really? That’s weird. How did you find out that it was AVG that was causing the problem and what did you do to fix it? If you want an alternative antivirus, you can try Avast. It’s what I’m using right now.

    Have a great weekend!

  • joie, November 26, 2008 @ 4:00 AM Reply

    thanks for the post jaypee.. i didn’t know that’s there’s already and wordpress 2.6.5 BTW the error that cause the firefox 3 to crash on when i browse your site is my avg add one. Now it works fine.

  • JP Habaradas, November 25, 2008 @ 4:50 PM Reply

    @Pahn – Yup, it was just released earlier today. If you don’t have time to do the full upgrade, just do the two necessary files. It only takes a couple minutes. :)

  • Pahn, November 25, 2008 @ 4:46 PM Reply

    oh, there is already 2.6.5, I haven’t upgrade yet.. lol.. keeping my hands full to worry about the new features,, hehehe

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.