Another Security Release WordPress 2.8.4
Well it seems to be almost a weekly upgrade for WordPress version 2.8. Here we are at 2.8.4 which is another security upgrade. This one addressing a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. Or in other words do the upgrade!
With the integration of the automatic upgrade feature in WordPress version 2.7 there is no reason to put off these small incremental upgrades. If you are still using version 2.7 or older you should certainly upgrade but make sure to backup your database and the wp-content folder first. The database holds your settings and content. The wp-content folder holds your themes, plugins and uploads folder with any images you have added to posts. Another precaution is to check what plugins you have installed and the settings of those plugins.
If you are still using version 2.7 or older I suggest doing a manual upgrade. There are some hosting accounts that block access to the automatic upgrade feature for both WordPress and plugins. In this case you will be stuck with the manual upgrade process. There are two outdated plugins that will probably produce errors when trying to update plugins and WordPress if you are using version 2.7 and above. For WordPress 2.7 and up the Automatic Upgrade plugin is no longer needed and should be deactivated and deleted. The other plugin is the One Click Plugin Updater which was used to automatically upgrade plugins. That feature is also now part of WordPress and the One Click Plugin Updater plugin should be deactivated and deleted. Trying to upgrade your plugins or WordPress with those two plugins active may cause errors.
You may also run into errors upgrading WordPress because of a combination of active plugins. In my case I need to deactivate the first 7 plugins to get the automatic upgrade to work. So if you get an error you can try to deactivate one plugin at a time. I can’t stress enough to have a backup plan and make sure you have a recent backup before any core WordPress upgrade.
Here are a few posts to help you with your backup and upgrade:
Backup WordPress Database
Scheduled Backup Of Your WordPress Blog
WordPress Upgrade Error Allowed Memory Size Exhausted
Similar Posts:
- WordPress Upgrade Precautions
- WordPress Upgrade Error Allowed Memory Size Exhausted
- WordPress 2.8.5 Another Security Release
If you liked this post, feel free to leave a comment that is relevant to the post or subscribe to the feed and get future articles delivered to your feed reader.
Sorry but due to the spamming of a few all comments are moderated and will appear when approved and all drive-by comments will be deleted!
Comments
Geez, these hackers need to chill out and leave wordpress alone. lol
Reply
Yea! Please dont hack WP. Lets WP alone.
Reply
I’ve just upgraded my blog to WP 2.8.4. Imo, you should wait for a few days after new version release then you can do the upgrade.
Reply
Wordpress is still the best blogging platform for me
Reply
Hey Jeff
Thanks a lot. With the help of this post upgraded my WP blog from 2.7
I agree why people (hackers) can’t just leave WP alone.
OMG, these hackers and there creativity to abuse technology….
Reply
i agree, its hard sometimes, i wish that people didn’t have to worry about being exploited all the time.
Reply
Today i came across around 11-13 tips how prevent WP from hacking!They are so usefull!One of them is keeping update your blog as soon as new version comes up!I have never thought of it!But certainly i will follow it now!
Reply
I got the info from this wordpress security very early by the email notification & i upgraded my blog so thanks for it!
Reply
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset.
Reply
Looking from one side WordPress can’t take revolutionary changes because too much at once would make old users go mad. From the other side not so many innovations are being put here to improve the application’s quality. In my opinion WordPress, like any other application is sometimes dropped into a hole of own-legend/success. I think that there is a little paradox that avoids people from leaving the program as long as it stays the way it was in the past, but also look for something more, so – few upgrades are needed every year.
Reply
i upgraded my blog because I got the info from this wordpress security by the email by the way thanks for it!
Reply
definitely this security service is really very good for the wordpress i liked that & also i am gonna ad them for my blog!once again thanks for that!
Reply
I’m always paranoid about waking up to find my blog hacked. I am disciplined about doing weekly backups. Nonetheless, I did go the trouble to upgrade to 2.8.4 It’s an unfortunate fact of life that we have to tolerate and protect ourselves from malicious people like this.
Reply
I think it’s too much upgrading, I prefer not to upgrade so many times.
Reply
I love wordpress but the recent run of security flaws is frustrating. I’ve not lost anything yet but I’ve been losing a little sleep over the possibility!
Reply
Another update? They’re coming thick and fast, but I guess it’s a good thing that they’re visibly taking security seriously.
Reply
I hate all these upgrades !! Just recently i found out about the pesky pass-reset exploit. But its not really harmful, its just very, very annoying.
Reply
is it really important to get this upgrade.. i dont really know how to do it, i just installed wordpress 2.8 and dont know how to change it
Reply
Jeff Replied:
August 25th, 2009 at 10:16 pm
You should always keep your version up to date.
Reply
I heard Wordpress 2.8.3 had a serious security problem that allowed hackers in. Hopefully 2.8.4 fixed that issue, I got nervous for a bit there.
Reply
I think its very important to upgrade as per the security reasons bcoz there is the risk of hacking.Thanks for this important information.Really a nice psot.Thanks
Reply
It`s really frustrating. I have 45 blogs to update – another night lost.
Reply
I love wordpress but the recent security flaws are quite frustrating… oh and bugs aren’t helping either. The most recent version has disabled the ability for me to upload photos…:(
Reply
That’s what I love about open source, you can actually see the progress being made often to improve the software… and WP is a great example of that.
Reply
Wordpress is still the best! Thanx for keeping us updated!
Reply
This one addressing a vulnerability where a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset.
This upgrade is excellent because it focuses on the security of WordPress. I think it is one of the best upgrades by WordPress.
Reply
I really love wordpress, but these weekly updates are starting to wear me out. I know updating is important, but give me a break.
Reply
Wordpress is still the best blogging platform for me…Thankyou for the nice post….
Reply
I really love wordpress. The WordPress Development team has announced that they are converting all default WordPress Widgets to work with the new Widgets API.
Reply
I’ve just upgraded my blog to WP 2.8.4. Imo, you should wait for a few days after new version release then you can do the upgrade.
Reply
sometimes it sucks when wordpress keeps on releasing updates.. its like i have not updated all my blogs yet and here is another update
Reply
My hosting account is making me stuck here and frustrated also. Every time there is a new Wordpress version release, I have to copy the installation files and paste it manually to the folder. It didn’t allow automatic upgrade but I am don’t have problem on other hosting package which is more expensive one and it allows automatic upgrade.
I am using One Click Plugin Updater before also and now it has become part of latest wordpress version
Reply
I just upgraded my blog manually about 3 hrs ago from version 2.7. It now feels good that im safe for now.
Reply
I am just so thankful for the automatic upgrade function. If I had to keep upgrading WP manually I would be getting so frustrated with it by now.
Reply
Hello,
Nice post. I think WP is the best blog and I don’t mind updating. Updation is a part which we cant neglect to enjoy its full features and new releases.
Reply
Thanks for information, i think version WordPress 2.8.4 great optimation.
Reply
The best thing about WordPress is its frequent upgrade, don’t you think so? Well, this one sounds great. I just hope it would really be effective.
Reply
I love wordpress but the recent run of security flaws is frustrating. I’ve not lost anything yet but I’ve been losing a little sleep over the possibility!thanks dude.
Reply
I’ve been using WP for my blogging and don’t have any problems yet about it. I don’t know yet about this new security but i will try it.
Thanks
Reply
I hate all these upgrades !! Just recently i found out about the pesky pass-reset exploit. But its not really harmful, its just very, very annoying.
Reply
I get sick of all these WP upgrades. I wish the would just wait to release the new versions of WP until they were complete. Then we wouldn’t have to keep upgrading.
Reply
Leave a comment
Drive-By comments will be deleted! Like "Thanks for sharing", "Nice post", or any other text that doesn't contribute to the discussion. If you ask a very specific question about your particular WordPress theme, it will probably be deleted. I can fix your WordPress site but for a price. If you ask a question like "Why don't my blog work right", it will be deleted. If you ask a question about your WordPress site without a leaving a link to it, it will be deleted. The point is to ask questions and or comment on the the actual content of the post, and to please use some common sense. All comments are moderated and will appear when approved. Thank you.