Webmaster Forum

Go Back   Webmaster Forum > Web Development > Blogging Forum

Blogging Forum Discuss general blogging issues here - design, integration, posting, trackbacks, ETC. Also discuss blogs you like.


Reply
 
Thread Tools Display Modes
Share |
  #21  
Old 02-08-2011, 01:42 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
Update To WordPress 3.0.5 Now To Avoid Potential Security Breach

Quote:
On Monday February 7, 2011, WordPress has released an important update. Quoting from WordPress.org ...
Quote:
"WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions. This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening."
WordPress 3.0.5 is for ALL previous versions of WordPress.
Read more: Update To WordPress 3.0.5 Now To Avoid Potential Security Breach

And Wordpress' announcement is here:
Quote:
WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions.

This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update.
WordPress 3.0.5 (and 3.1 Release Candidate 4)
 
Reply With Quote

Advertisement

Advertisement

  #22  
Old 02-23-2011, 03:23 PM
moneyonlinesorg's Avatar
moneyonlinesorg moneyonlinesorg is offline
v7n Mentor
 
Join Date: 02-03-11
Location: USA
Posts: 1,208
iTrader: 0 / 0%
Exclamation WordPress 3.1 Update

Just a quick post to let people know, if you're running wordpress, 3.1 hit the admin area today. It seems like some nice new additions. You might want to log in and grab it if you've been away from your blogs a while.
 
Reply With Quote
  #23  
Old 02-23-2011, 10:36 PM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
Thank You Moneyman for the update. I upgraded my blog while at work when i was making some updates.

Here is more information about the 3.1 release:

Quote:
The long-awaited fourteenth release of WordPress is now available. WordPress 3.1 “Reinhardt” is named in honor of the jazz guitarist Django Reinhardt. Version 3.1 is available for download, or you can update from within your dashboard.

This release features a lightning fast redesigned linking workflow which makes it easy to link to your existing posts and pages, an admin bar so you’re never more than a click away from your most-used dashboard pages, a streamlined writing interface that hides many of the seldom-used panels by default to create a simpler and less intimidating writing experience for new bloggers (visit Screen Options in the top right to get old panels back), and a refreshed blue admin scheme available for selection under your personal options.

There’s a bucket of candy for developers as well, including our new...
Continued at: http://wordpress.org/news/2011/02/threeone/

Create a thread if ya'll wish to discuss this release
 
Reply With Quote
  #24  
Old 02-23-2011, 11:55 PM
moneyonlinesorg's Avatar
moneyonlinesorg moneyonlinesorg is offline
v7n Mentor
 
Join Date: 02-03-11
Location: USA
Posts: 1,208
iTrader: 0 / 0%
NP Slithers, I started a thread, missing this one and someone was kind enough to move it here. I wasn't up to debating it, just wanted to make sure everyone knew it hit
 
Reply With Quote
  #25  
Old 02-24-2011, 12:00 AM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
I wasn't home all day but i check out my blog at work to make sure i don't have to update something as in the version. Whenever a patch or new version comes out, it has important security fix's besides other features.

Ok, let's keep the chit chat in another thread that will be made eventually.
 
Reply With Quote
  #26  
Old 04-05-2011, 01:16 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.1.1 Released

Quote:
WordPress 3.1.1 is now available. This maintenance and security release fixes almost thirty issues in 3.1, including:
WordPress 3.1.1 - Wordpress Official Blog
 
Reply With Quote
  #27  
Old 04-13-2011, 11:09 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
Wordpress.com Hacked

Those of you who use Wordpress.com for your blogs need to be aware of this.

Quote:
Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.

Based on what we’ve found, we don’t have any specific suggestions for our users beyond reiterating these security fundamentals:

•Use a strong password, meaning something random with numbers and punctuation.
•Use different passwords for different sites.
•If you have used the same password on different sites, switch it to something more secure.
(Tools like 1Password, LastPass, and KeePass make it easy to keep track of different unique logins.)

Our investigation into this matter is ongoing and will take time to complete. As I said above, we’ve taken comprehensive steps to prevent an incident like this from occurring again. If you have any questions or concerns, please leave a comment below or contact our support.
Matt Mullenweg, Wordpress
Wednesday, April 13th, 2011 at 4:46 pm.
Security Incident

Snakeair also found this: 18 Million WordPress.com Blogs Compromised In Attack
 
Reply With Quote
  #28  
Old 04-26-2011, 08:16 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.1.2

Quote:
WordPress 3.1.2 is now available and is a security release for all previous WordPress versions.

This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.
continued: Official Wordpress Blog: WordPress 3.1.2
 
Reply With Quote
  #29  
Old 05-25-2011, 03:29 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.1.3 is available now

Quote:
WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements:

■Various security hardening by Alexander Concha.
■Taxonomy query hardening by John Lamansky.
■Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
■Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
■Improves file upload security on hosts with dangerous security settings.
■Cleans up old WordPress import files if the import does not finish.
■Introduce “clickjacking” protection in modern browsers on admin and login pages.
WordPress 3.1.3 (and WordPress 3.2 Beta 2) - Wordpress Official Blog
 
Reply With Quote
  #30  
Old 06-22-2011, 01:50 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
Passwords Reset - Wordpress Development Blog

Quote:
Posted June 21, 2011 by Matt Mullenweg. Filed under Security.

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)

As a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one.

Second, if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version.
Passwords Reset
 
Reply With Quote
  #31  
Old 06-24-2011, 12:53 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WP-phpMyAdmin Plugin Hacked — Backdoor Vulnerability

Quote:
WordPress Security Alert: Hacked WP-phpMyAdmin plugin — found vulnerable backdoor. Remove it!

Over the past few weeks, I have been cleaning several hacked WordPress sites for clients and found a commonality, the WP-phpMyAdmin plugin. This caught my eye because I don't see this plugin being used very often.

I began to wonder, is the WP-phpMyAdmin plugin vulnerable? And asked myself, why would a webmaster use this plugin to access their database?

I asked one of the victim's of hacker attacks why he had this plugin installed. He stated:...
WP-phpMyAdmin Plugin Hacked — Backdoor Vulnerability - WPSecurity Lock Blog
 
Reply With Quote
  #32  
Old 06-29-2011, 12:34 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.1.4 (and 3.2 Release Candidate 3)

Quote:
WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions.

This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening measures thanks to the work of WordPress developers Alexander Concha and Jon Cave of our security team. Consult the change log for more details.
WordPress 3.1.4 (and 3.2 Release Candidate 3) - Wordpress Development Blog
 
Reply With Quote
  #33  
Old 07-04-2011, 09:19 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.2 now available

Before you install this release, read this post first:
Quote:
WordPress 3.2 is going to be released very soon, and we want you to be ready! Take note: the minimum requirements are changing.

PHP and MySQL
As of 3.2, you’ll need to be running PHP 5.2.4 and MySQL 5.0. As we mentioned almost a year ago when we announced that this change was coming, the percentage of people running older versions of PHP and MySQL is relatively low. With more than 45 million people using WordPress, though, even a small percentage can mean a lot of people! Don’t caught with your pants dashboard down — make sure you’re running compatible versions of PHP and MySQL before you update tomorrow when WordPress 3.2 is released.

Log in to your hosting account, and check to make sure you have at least PHP 5.2.4 and MySQL 5.0. Most of the major hosts already default to these or newer versions, but there are some exceptions. Check to see which versions you are running, and if you’re still on an older version, it should be as simple as changing a dropdown menu and clicking Save to get up to date.
Continued: Are You Ready for WordPress 3.2? - Posted July 3, 2011 by Jane Wells

Quote:
Here in the U.S. we are observing Independence Day, and I can’t think of a more fitting way to mark a day that celebrates freedom than by releasing more free software to help democratize publishing around the globe. I’m excited to announce that WordPress 3.2 is now available to the world, both as an update in your dashboard and a download on WordPress.org. Version 3.2 is our fifteenth major release of WordPress and comes just four months after 3.1 (which coincidentally just passed the 15 million download mark this morning), reflecting the growing speed of development in the WordPress community and our dedication to getting improvements in your hands as soon as possible. We’re dedicating this release to noted composer and pianist George Gershwin.
WordPress 3.2 now available - Posted July 4, 2011 by Matt Mullenweg
 
Reply With Quote
  #34  
Old 07-12-2011, 10:15 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.2.1

Quote:
After more than a million downloads of WordPress 3.2, we’re now releasing WordPress 3.2.1 into the wild. This maintenance release fixes a server incompatibility related to JSON that’s unfortunately affected some of you, as well as a few other fixes in the new dashboard design and the Twenty Eleven theme. If you’ve already updated to 3.2, then this update will be even faster than usual, thanks to the new feature in 3.2 that only updates files that have been changed, rather than replacing all the files in your installation.
WordPress 3.2.1 - Wordpress Blog
 
Reply With Quote
  #35  
Old 07-20-2011, 10:54 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
Google Analytics for WordPress Plugin Vulnerability Fixed

Quote:
The Google Analytics for WordPress plugin was found with a XSS scripting vulnerability, if the track outbounds clicks option was selected.

This issue was found by David Whitehouse and James Slater of DavidNaylor.co.uk and notified the develop right away. The developer, Joost de Valk took immediate action and got this security issue fixed.

On July 20, 2011, this plugin was updated in the WordPress.org Plugin Repository to version 4.1.3 and is available for immediate download.
Continued: Google Analytics for WordPress Plugin Vulnerability Fixed
 
Reply With Quote
  #36  
Old 08-04-2011, 07:40 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
Many WordPress blogs at risk from image-based zero-day vulnerability

Quote:
...It turns out the backdoor was a previously-unexploited, or at least a previously-undocumented, flaw in a useful little WordPress addon, shared by many WordPress themes, called timthumb.

Timthumb is an 864-line PHP script which assists with automatic image resizing, thumbmailing and so forth. (It doesn't squeeze the image manipulation code into those 864 lines, but uses the third-party GD library.)...
Full article and a solution: Many WordPress blogs at risk from image-based zero-day vulnerability
 
Reply With Quote
  #37  
Old 12-12-2011, 04:53 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.3 “Sonny”

Quote:
The latest and greatest version of the WordPress software — 3.3, named “Sonny” in honor of the great jazz saxophonist Sonny Stitt — is immediately available for download or update inside your WordPress dashboard.

WordPress has had over 65 million downloads since version 3.0 was released, and in this third major iteration we’ve added significant polish around the new user experience, navigation, uploading, and imports
Continued: WordPress 3.3 “Sonny”
December 12, 2011 by Matt Mullenweg
 
Reply With Quote
  #38  
Old 12-12-2011, 05:02 PM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
Geez, i'm about to login to my blog right now and you beat me to this update.
 
Reply With Quote
  #39  
Old 01-03-2012, 03:18 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.3.1 Security and Maintenance Release

Quote:
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K. and the Go Daddy security team for responsibly disclosing the bug to our security team.
WordPress 3.3.1 Security and Maintenance Release - January 3/12
 
Reply With Quote
  #40  
Old 04-20-2012, 09:15 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,657
iTrader: 5 / 100%
WordPress 3.3.2

Quote:
WordPress 3.3.2 is available now and is a security update for all previous versions.
WordPress 3.3.2 (and WordPress 3.4 Beta 3) - Apr 20/12 Wordpress Blog

See the complete post for list of security improvements.
 
Reply With Quote
Go Back   Webmaster Forum > Web Development > Blogging Forum

Reply


Currently Active Users Viewing This Thread: 7 (0 members and 7 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sms Alerts Beergoggles Web Design Lobby 3 07-03-2007 10:10 AM


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 09:34 PM.
Powered by vBulletin
Copyright © 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC