Take it from somebody who lost at least one whole blog entirely from the consequences not upgrading WordPress: Upgrading your installation or patch is essential. So read this from Ian Kallen.
Also what he added by IM yesterday:
What’s happening is: spammers are taking over blogs, posting link farm links on them, obscuring their human visibility with CSS tricks but the links are still visible to crawlers… |
All wordpress users that haven’t patched or upgraded to v2.3.3 are vulnerable. |
WordPress does not auto-update security fixes. |
…Any help you can provide getting the word out would be a mitzvah |
I added the last link. 🙂
-
That’s one reason I stay away from WordPress, too many security problems and updating is a royal pain if you use a lot of plugins, etc.
See here – http://secunia.com/search/?search=Wordpress&w=0 -
There is also the auto upgrade plugin which makes life easy, http://wordpress.org/extend/plugins/wordpress-automatic-upgrade/
-
I have to agree with PXLated. WP is just too insecure. Matt and his crew just write bad code and bod code leads to one thing… security issues. I’m sure there are still security holes in the new version as well having seen enough of their code in the past- remember this is the same guy that thinks PHP5 is BAD and IRRELEVANT.
-
[…] WordPress has announced WordPress 2.5, the culmination of six months of work by the WordPress community. With this change comes a number of serious upgrades to their software. The new version is wonderful and makes writing easier. Only problem is that the upgrade and all the under side applications require hours of work. […]
-
I’m confused. Does this apply to wordpress blogs installed on a separate domain, or hosted on wordpress.com, or both? Thanks.
-
Thanks for the clarification between separate domains and wordpress.com hosted.
-
It’s also a good idea to backup your blog’s database so that it can be restored in case of getting hacked, a crash, whatever.
Comments are now closed.
24 comments