
WordPress – Stay Current and Stay Safe

Posted on 22nd Sep 2009 in WordPress. 1 comment

While it is always important to keep your WordPress software current, this past summer saw a barrage of updates and security issues. Like any Internet-based application, WordPress is no stranger to security issues. In fact, back in 2007 the article WordPress Version 2.2 Hack Warning was posted on Blogging Tips.

This summer saw a barrage of updates: WordPress 2.8 was released on June 10th, and by August 12th version 2.8.4 was released, for a total of 5 updates in 60 days – an unprecedented pace for WordPress releases. These security issues were serious enough to warrant immediate new releases. For example, the 2.8.4 release was made because:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.
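To make the failure mode in that announcement concrete, here is an added example (not code from WordPress or from the post) that models a password-reset key lookup against a small constructed user table. It assumes, as an illustration of the reported bug, that the reset key is sanitized to an alphanumeric string before the database lookup and that accounts with no pending reset hold an empty key, so a key that arrives empty matches the first such account; the hardened version rejects an empty or non-string key before it ever reaches the query.

```python
import sqlite3

# Constructed sample data: the first account (admin) has no pending reset,
# so its user_activation_key is empty; alice requested a reset and holds a key.
USERS = [
    (1, "admin", ""),
    (2, "alice", "k7f2a9c1d3"),
]


def make_db():
    """Build an in-memory table shaped like the relevant wp_users columns."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (ID INTEGER, user_login TEXT, user_activation_key TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return db


def sanitize(key):
    """Keep only [A-Za-z0-9]; anything that is not a string collapses to ''."""
    if not isinstance(key, str):
        return ""
    return "".join(c for c in key if c.isalnum())


def _find_by_key(db, key):
    row = db.execute(
        "SELECT user_login FROM users WHERE user_activation_key = ? ORDER BY ID LIMIT 1",
        (key,),
    ).fetchone()
    return row[0] if row else None


def lookup_vulnerable(db, raw_key):
    """Sanitizes and queries directly: an empty key matches the first keyless account."""
    return _find_by_key(db, sanitize(raw_key))


def lookup_hardened(db, raw_key):
    """Refuses empty or non-string keys before and after sanitizing, then queries."""
    if not isinstance(raw_key, str) or raw_key == "":
        return None
    key = sanitize(raw_key)
    if key == "":
        return None
    return _find_by_key(db, key)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, empty key ->", lookup_vulnerable(db, ""))   # admin
    print("hardened,   empty key ->", lookup_hardened(db, ""))     # None
```

The same guard belongs on every token-based flow (account activation, e-mail change confirmation): never let an absent token become the empty string that a stored "no token" value happens to equal.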

There are any number of worms on the Internet looking for older instances of WordPress. Where worms were once limited to childish things like defacing your site, the new worms are looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic redirection and other inappropriate purposes. For more than a month, as worm attacks have raged, version 2.8.4 has stood tall as a safe defense.

Upgrading is a known quantity of work, and one that the WordPress community has tried to make as easy as possible with one-click upgrades. Fixing a hacked site, recovering Google placement after your site gets removed from Google for hosting spam and malware, and recovering lost users – those projects are far harder than the occasional WordPress upgrade. If you ever find that your site has been attacked, you can find help in the WordPress Codex article on how to deal with a hacked WordPress site.

If you are using a WordPress version after 2.7, the nag screen on the WordPress Administration Panels will alert you to upgrade. If you don’t see the nag screen, then you are using an older version and you should be updating now! As the WordPress Blog recently said, “Please upgrade, it’s the only way we can help each other” and keep the WordPress community as strong as ever.

David Silversmith is an Internet and Web analytics consultant with more than 20 years' experience managing both technology and customer service for information businesses. He is the former CTO at Carfax.com, where he spent 12 years implementing and managing IT strategy. While there, he led the adoption of hosted Web analytics and implemented some of the earliest A/B testing applications to optimize visitor traffic. Silversmith also spent seven years at Nielsen Claritas, a leading supplier of demographic information, establishing its technical support and training departments. He has also managed call centers supporting products such as Canon printers and the Sony Magic Link, one of the first handheld PDAs.

1 comment
  • Posted by Saksham on 23rd Sep 2009

    A good and helpful post. I also stress my users to use the latest WordPress version. Who can say what happens when?