WordPress 2.3.3 Is A Security Fix
Anytime I wake up, log in to my blog admin interface and see a new version of WordPress made available – I look at the details of the release. I have to know HOW URGENT the upgrade is and how high on my list of priorities that task should go.
WordPress 2.3.3 made available today is an URGENT Security Fix - make sure to upgrade ASAP! Well, actually – you don’t have to upgrade…
Although I personally did a full upgrade on my blogs, reading through the developers’ notes makes it clear that WordPress 2.3.3 really addresses just one file that has a security issue (xmlrpc.php), and simply uploading that file into your blog root folder and overwriting your current file will fix the security problem.
But if you decide to do a full upgrade (which was a one minute deal for me), it helps you integrate a few minor fixes implemented in this version and also get rid of the message in your blog’s admin interface that You Need To Upgrade.
I have tested a full upgrade without even deactivating plugins on one of my blogs and had absolutely no issues. So my recommendation is to go ahead and do a full upgrade. Just don’t forget to create a good backup first!
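For anyone patching several blogs by replacing only xmlrpc.php, the check below reports which blog roots carry the fixed file and which were fully upgraded. It is an added example, not part of the original post; the reference file location and the blog root paths are assumptions, and the version is read from the `$wp_version` line in wp-includes/version.php.

```shell
#!/bin/sh
# Added example: audit WordPress roots after the 2.3.3 xmlrpc.php fix.
# Usage (hypothetical paths):
#   sh audit.sh /tmp/wordpress-2.3.3/xmlrpc.php /var/www/blog1 /var/www/blog2
# The first argument is xmlrpc.php from the unpacked 2.3.3 release archive.

# Print the $wp_version string of a WordPress root, or "unknown".
wp_version() {
    v=$(sed -n "s/^\$wp_version *= *'\([^']*\)';.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null) || v=""
    echo "${v:-unknown}"
}

# Classify one root; prints "<status><TAB><version><TAB><root>".
#   full-upgrade  fixed xmlrpc.php and version.php says 2.3.3
#   file-only     fixed xmlrpc.php dropped into an older install
#   differs       xmlrpc.php is not the 2.3.3 copy (unpatched, locally
#                 modified, or from another release): review it
#   missing       no xmlrpc.php in this root
audit_blog() {
    root=$1 ref=$2
    ver=$(wp_version "$root")
    if [ ! -f "$root/xmlrpc.php" ]; then
        status=missing
    elif cmp -s "$root/xmlrpc.php" "$ref"; then
        if [ "$ver" = "2.3.3" ]; then status=full-upgrade; else status=file-only; fi
    else
        status=differs
    fi
    printf '%s\t%s\t%s\n' "$status" "$ver" "$root"
}

# Audit every root given; return non-zero if any root needs review.
audit_all() {
    ref=$1; shift
    rc=0
    for root in "$@"; do
        line=$(audit_blog "$root" "$ref")
        echo "$line"
        case $line in differs*) rc=1 ;; esac
    done
    return $rc
}

if [ "$#" -ge 2 ]; then audit_all "$@"; fi
```

A `file-only` result is the state described above: the security fix is in place, but the admin interface will still show the upgrade notice.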
14 Responses to “WordPress 2.3.3 Is A Security Fix”
Trackbacks/Pingbacks
- WordPress 2.3.3 Is A Security Fix… WordPress 2.3.3 was released a few hours ago and is labeled as a Critical Security Fix release. It is strongly advised that you upgrade your current installation to the latest version, as the security problem fixed allows an attacker to directly exploit yo…
- [...] The newest release of WordPress has been launched this weekend. Read Alex Sysoef’s WordPress 2.3.3 Is A Security Fix [...]
Recently I tried the upgrade and completely corrupted my site and database. I did have a backup, so it’s doubtful that I’ll ever try it again. That being said, I confess I am not a WordPress wizard.
Making Sales Making Money’s last blog post..Home Based Business on a Budget
Well, this one really only requires ONE FILE, xmlrpc.php, to be upgraded to avoid the security hole. At the very least – upgrade the file; the link is in the post.
Isn’t this only a critical problem if you have registration active?
I’ve got about 20 blogs to update and that takes a while to FTP the whole WP install to them. I may just do the xmlrpc.php and follow up later with the full install.
Frank C’s last blog post..Site Review: Credit Karma
Frank – correct. For the exploit to work, that person would have to have an active account on your blog to edit posts of other users on the same blog. That is what I have read from the developers’ release as well. I don’t see it as a huge issue for blogs with registration not open, but since this is an RPC exploit – I would personally go the safe route and upgrade the file at least.
Do you have any information or advice on upgrading from 2.3.1? I have errors in that, with the database I think, although the blog displays ok. I would love to get rid of them, but don’t have a clue. I did a kind of manual update from 2.2 to get to 2.3.1 and I think that caused the problem. But I find the WordPress forums far too geeky to understand. I am not sure what to do. I suppose I could paste copies of the posts etc, and reload from the very beginning? Would that be easier and more reliable?
You mention back up. I can download the complete blog to back it up of course. But I have no idea how the blog interacts with the MySql database, and my ignorance makes me nervous.
It’s the blog at http://www.ibizreviews.com
Lyn’s last blog post..geggvgcx
Lyn,
Your hosting account should provide you with a Backup option. Simply create a backup of your blog’s database. If you need help, I would recommend looking through your host’s support docs – I can guarantee they explain how to get it done.
Upgrade from 2.2 to 2.3 is not a problem, but 2.3 introduced some big changes to the way it handles posts and added tags as a native option. Many plugins became incompatible with 2.3 due to those changes. If you are getting errors (which I didn’t see), the error should indicate a path to the plugin. Deactivate that plugin and either install a version of it compatible with 2.3+ or replace its functionality.
It’s very easy to upgrade WordPress using the automatic upgrade WordPress plugin. It only takes a couple minutes and it does all the work for you!
I use it every time I have to upgrade. I do personally recommend manually saving a copy of your MySQL database separately though too (it can never hurt to have multiple copies). Even though the plugin gives the ability to download a saved copy of your database, I once had trouble opening that file when I needed it… so now I’m just extra cautious.
All the best,
Epiphany
Epiphany’s last blog post..Progress & Income Report – January 2008
Yes, that plugin is good – but as you mentioned, people need to be aware it doesn’t create a backup! So backup first.
Epiphany,
Thank you so much. What a brilliant plugin. One of the very few that tells you what to do! And The-Spot-er, if you choose the manual option (which I did, because I wanted to know what it was doing as it went through the process) it makes the backup point very clear. You can’t miss it. Also I did find out how to back up the MySql in hostgator first, but I think the plugin instructions would have taken care of it.
And….. drumroll please….. the update appears to have taken care of the error messages I had with 2.3.1. So all in all I am really pleased. Thank you both for your help.
Lyn
OH GOOD, Lyn, you’re welcome! I’m so glad you found the plugin as useful as I do.
I do my upgrades manually using the plugin also (which is still super fast). Just make sure you can actually open those backup files it provides for you, because for some reason I seem to have trouble with them (the format maybe, I don’t know). That’s why I mentioned saving the database separately so you are sure you have a copy. I suppose if you wanted to be extra EXTRA careful you could also save your WP-Content folder separately too (so you have all your plugins and your theme with all your modifications). Anyway, I’m so happy you found it useful. -Epiphany
Epiphany’s last blog post..Progress & Income Report – January 2008
Thanks guys,
I tried an earlier version of the plugin and decided not to use it. Perhaps it is worth revisiting.
Alex
I have uploaded the xmlrpc.php file. I will wait for version 2.5 for a full upgrade.