WordPress 2.6.5 Security Upgrade

The WordPress team announced a security upgrade to 2.6.5 that fixes an exploit that only affects IP-based virtual servers running on Apache 2.x. Fortunately, for Blogs About clients, this affects clients on only one of our servers. If you are hosted on our Kiwi server (IP 76.74.159.114) and are running WordPress on your account, you will want to upgrade to WordPress 2.6.5. Our Kiwi server is running Apache 2.2.9. (The IP of the server you are on is listed in your account CPanel, in the left menu – if it is 76.74.159.114, you’re on Kiwi.)

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Get the WordPress 2.6.5 files from the official WordPress site.
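
The check below is an added example, not code from WordPress or from this post. It reads $wp_version from wp-includes/version.php to flag installs older than 2.6.5, and compares the two files named above against an unpacked 2.6.5 package. The version.php line format, the helper names and the sample trees are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. Assumes version.php has a line like: $wp_version = '2.6.5';
FIXED_VERSION="2.6.5"

# Print $wp_version as declared in <wp_root>/wp-includes/version.php.
wp_version_of() {
    sed -n "s/^[[:space:]]*[$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 when dotted version $1 is lower than $2, comparing field by field.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # "7-beta1" -> 7
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Return 0 when the install at $1 reports a version older than 2.6.5.
needs_upgrade() {
    v=$(wp_version_of "$1")
    [ -n "$v" ] && version_lt "$v" "$FIXED_VERSION"
}

# Return 0 when feed.php and version.php at $1 match the 2.6.5 package at $2.
security_files_match() {
    for f in wp-includes/feed.php wp-includes/version.php; do
        cmp -s "$1/$f" "$2/$f" || return 1
    done
}

# Build a constructed tree for the demo: $1 = dir, $2 = version, $3 = feed body.
make_tree() {
    mkdir -p "$1/wp-includes"
    printf '%s\n' '<?php' "\$wp_version = '$2';" > "$1/wp-includes/version.php"
    printf '%s\n' "<?php // $3" > "$1/wp-includes/feed.php"
}

tmp=$(mktemp -d)
make_tree "$tmp/site" 2.6.3 "old feed code"
make_tree "$tmp/release" 2.6.5 "fixed feed code"
if needs_upgrade "$tmp/site"; then echo "site: $(wp_version_of "$tmp/site") is below $FIXED_VERSION"; fi
if ! security_files_match "$tmp/site" "$tmp/release"; then echo "site: two-file fix not applied"; fi
rm -rf "$tmp"
```

Because the two-file fix also replaces version.php, a patched install reports 2.6.5 even though the other three fixes in the release are absent, so the version check alone cannot tell a full upgrade from the security-only copy.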

Has Your WordPress Blog Been Hacked?

Our client, Anita Campbell from SMBTrendWire, wrote in with a valuable resource that I want to share with you. It’s an article written by Aaron Wall at SEOBook.com called WordPress Blog Hacking Checklist. Aaron’s article offers some great pointers and tips on how to find out if your WordPress blog was hacked, and what to do about it if you find out that it was.

This is also a perfect time for me to emphasize how important it is to keep your WordPress software upgraded to the most recent version. Old versions of WordPress are vulnerable to exploitation, simply due to the fact that the older versions have an old code base that is no longer being developed. This means that bugs and/or vulnerabilities that existed in old versions were fixed in the new versions – so, if you’re using old versions… you’re also using the bugs and vulnerabilities, too!

Take control of your WordPress blog and don’t let this happen to you by upgrading as soon as you can after you hear about a new WordPress version release. For those of you keeping up – WordPress 2.6.3 is the most recent version available right now. WordPress 2.7 is due for release on 11/10/08.

I use this handy plugin that allows me to easily, and quickly, upgrade my WordPress blogs from within my WordPress administration panel – no uploading, no configuring, no messing with the file structure at all: WordPress Automatic Upgrade. Give it a shot – it will make your WordPress experience much more pleasant!

WordPress 2.1 Release

WordPress announced the release of the new version 2.1-Ella. This is a major version release and we encourage everyone to read the information about what has changed in this version, as well as the detailed upgrade instructions for upgrading to WordPress 2.1.

Also, here is a listing of WP Plugins that are compatible with this newest version – also listed there are plugins that are NOT compatible with WordPress version 2.1 – make sure you read that information as it applies to plugins you may have installed on your WordPress blog.

We strongly recommend that you follow the threads in the WordPress Support Forums regarding major issues that users are having after upgrading to version 2.1 – read through these issues before deciding to proceed with the upgrade. Typically, after such a major release, they will release another version shortly that addresses any major bugs found only after several thousand users have upgraded and reported back with the issues. Please keep that in mind before jumping on the upgrade bandwagon.

As always – back up your data before you proceed with an upgrade! We cannot stress this strongly enough. Yes, we do keep backups of your account – however, please read our Terms of Service as it pertains to the restoration of your backups. We will restore the first backup for no charge – after that, if you continue to experience issues due to failing to back up your own data, there will be a charge for each instance of backup restoration to compensate for the time involved and the server resources it utilizes with each occurrence. You are able to create a full backup of your account via your CPanel – log in and find the ‘BackUp’ icon – click that and follow the instructions on the creation of a backup file. This way, if the installation goes wrong, you have a full and complete backup that you can restore via your CPanel, as well.