alex sysoef
expert wordpress

WordPress 2.2.1 – Why You Have to Upgrade Now

If you have installed WordPress 2.2, you absolutely MUST upgrade to the latest version, 2.2.1. The new version not only includes a few bug fixes but, most importantly, addresses several security issues. Read all issues addressed here.

At least one of them already has an exploit out “in the wild”. The XML-RPC exploit affects ONLY WordPress 2.2, and only blogs that allow registration or already have registered members, because it relies on an existing account to perform SQL injection; it allows an attacker to take full control of your blog. Here are some details on this exploit on the WordPress support forums, and here is a post by someone who has already been hacked.

The second security issue addressed was in PHPMailer; if you use Sendmail for your blog’s mail function, you need to check this one.

Upgrade Notes: If you are running 2.2 then you must upgrade; this is not optional if you want to save yourself the pain of recovering from a hack. Here is some information you might find useful.

I have just upgraded 2 of my blogs and there don’t seem to be any changes to the database – just the files. Simply uploading the new version of the core system and overwriting the old files did the trick for me. You still do need to run the upgrade.php script, but it will tell you that no database changes are required. On my blog I have even done it against recommendations and performed the upgrade without deactivating plugins. My reasoning was that all the fixes address files that shouldn’t affect the plugins I currently have in use. It worked for me – but I would recommend you test it in a development environment first or follow the recommended procedures. I did do a backup before running the upgrade.

What to do if you can’t upgrade immediately?

If you already have registered users – upgrade now. However, if there are no users, you can simply go to Options –> General and remove the check mark from the option “Anyone can register”. Save your settings. This will not make your system secure, but it will hold you over for the short time you need to upgrade.

Please be advised – I highly recommend you upgrade ASAP. The option above might only prevent the exploit for a short period of time.
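The exposure conditions and the stopgap described above can be turned into a quick triage check for each install you manage. This is an added example, not code from WordPress or from this post; it assumes the version string is set as `$wp_version` in `wp-includes/version.php`, and that you supply the “Anyone can register” setting and the number of registered members (read from your admin screens) yourself. The function names and result labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: triage WordPress installs against the conditions in this post.

# Print the version string found in <root>/wp-includes/version.php.
wp_version_of() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || return 1
    # Matches a line such as: $wp_version = '2.2';
    sed -n "s/^[[:space:]]*\\\$wp_version[[:space:]]*=[[:space:]]*['\"]\\([^'\"]*\\)['\"].*/\\1/p" "$f" | head -n 1
}

# Classify one install.
#   $1 = install root
#   $2 = "Anyone can register" setting (1 = checked, 0 = unchecked)
#   $3 = number of registered members (assumption: accounts other than your own)
wp_triage() {
    root="$1"; can_register="$2"; members="$3"
    ver=$(wp_version_of "$root") || { echo "UNKNOWN"; return 0; }
    case "$ver" in
        "")  echo "UNKNOWN" ;;            # version file present but unparsable
        2.2)
            if [ "$can_register" = "1" ] || [ "$members" -gt 0 ]; then
                echo "EXPOSED"            # an account exists or can be created: upgrade now
            else
                echo "STOPGAP"            # registration closed, no members: still upgrade soon
            fi ;;
        *)   echo "OTHER_VERSION" ;;      # the XML-RPC issue described here is specific to 2.2
    esac
}

# Constructed sample: a fake install tree carrying a 2.2 version file.
demo=$(mktemp -d)
mkdir -p "$demo/wp-includes"
printf "<?php\n\$wp_version = '2.2';\n" > "$demo/wp-includes/version.php"
wp_triage "$demo" 1 0    # registration open
wp_triage "$demo" 0 0    # registration closed, no members
rm -rf "$demo"
```

A `STOPGAP` result only means the short-term workaround applies; it does not replace the upgrade to 2.2.1.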


About The Blog Author

Alex Sysoef is an IT Consultant, Internet Marketer and ProBlogger who shares his passion and knowledge of WordPress, SEO, Social Media and traffic strategies on his blog WordPress Howto Spotter. Connect on Twitter or Facebook
