Posted by Ben Cook as WordPress Information
As many of you may already know, WordPress 2.3.3 has been released and includes an “urgent security” upgrade. According to WordPress, “A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.” For many of you, this probably won’t be a problem. However, if you have multiple users, it would definitely be wise to upgrade.
Since the problem is apparently with just one file, WordPress has made the single file available for download. So, rather than upgrading your entire installation, you can simply upload the single file to patch the security risk. I’ve opted for that path and will probably wait to upgrade fully until 2.3.3 is available to upgrade through my control panel via Fantastico, but it’s always a good idea to keep all your installations up to date. Countless blogs I’ve read have been hacked because they hadn’t kept up to date, and I’d much rather learn from their experiences dealing with it than my own.
12 Responses
cuzzy
February 5th, 2008 at 10:34 am
Thanks for the update, I really enjoy your blog and am hoping to put what I have read on your site to good use.
Great work so far…..
Silvano
February 5th, 2008 at 11:07 am
I use a plugin called instant upgrade via http://www.zirona.com/software.....nt-upgrade that makes it simple to stay updated. When I log into my dashboard and see there’s a new update, I just enable this plugin, click update, and it’s done. Then disable the plugin as there’s no need to keep it running full time.
Scott Magdalein
February 5th, 2008 at 1:43 pm
Any idea where I can get that single file alone without sifting through files I don’t understand?
Ben Cook
February 5th, 2008 at 1:58 pm
@ Scott, if you follow that link they have a link to it or you can just go directly to it using this link.
Eric Vernon
February 6th, 2008 at 1:06 am
Oof, I’m glad they found that bug… although it was most likely found by an unfortunate blogger who found his ‘buddy’ had messed with his blog.
Ninja Steve
February 6th, 2008 at 9:53 am
Well, then I’m lucky because I’m a lone ranger blogger. If you are the only writer, then you’re not affected, right?
Ben Cook
February 6th, 2008 at 4:40 pm
@ Ninja, that’s my understanding of it but I’d still suggest uploading the fixed file just to be safe.
Rebecca Laffar-Smith
February 7th, 2008 at 1:18 am
THANK YOU! I saw my WordPress announcing the need to upgrade but was dreading it because last time I upgraded I had to go in and make a whole bunch of changes (I’ve customized some of the PHP coded pages). Now I know I can update that single page it makes me much happier to do so. I know I should have done the leg work myself to check it out but I truly appreciate your having done it for me.
Homeboy's Astronomy Blog
February 7th, 2008 at 1:48 am
Hey, thanks for this tip! I didn’t know that only one file needs to be changed.
CatherineL
February 7th, 2008 at 8:15 am
Has anyone tried upgrading this with Fantastico? Every time I go to Bluehost they don’t have the upgraded version available.
I only recently upgraded to 2.2 and wound up with loads of additional weird characters in all my posts. Is there some kind of fixing tool you can get to get rid of them, as it would take me ages to edit each post? Thanks.
Ben Cook
February 7th, 2008 at 8:59 am
@ Catherine, I tried but it didn’t have the option available. They usually take about a week or so (at least in my experience) to make the newest version available. That being said, I just discovered this recently and my goodness is that handy. I’ve got so many blogs out there just sitting that it’s nice to have a practically one click upgrade.
For the weird characters, I’d try upgrading and see what happens. If it’s something that WordPress did, maybe it will undo it as well. Otherwise I’m not sure what to tell ya…
Tom Ross
February 8th, 2008 at 5:13 pm
Thanks for the heads up!