a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2.
The majority of readers here are probably not effected but you should be aware.
Added the video on upgrading if you need it below.
The method of upgrading has not changed so even though it says 2.7.1 it is still valid.
About the author
Mike Paetzold got started blogging in 2003 and has become an expert on using WordPress. He has become known as The WordPress Guy.
After being an under ground niche marketer using his blogs he has surfaced to share some of the ways he uses blogs to enter various niches profitably.
Back after taking 3 days off for a rare occasion and I just noticed that there was more new out abut WordPress 2.9. Seems there have been some problems with certain versions of PHP curl extensions.
This has caused some problems with scheduled posts and trackbacks. Personally I have had no problems but it does look like there will be a 2.9.1 very shortly as they are beta testing it right now.
With this news if you have not upgraded yet to WordPress 2.9 then I would recommend waiting until 2.9.1 is released. A few days to only upgrade once seems the best way to deal with it to me.
As I mentioned before Christmas I am really looking for your questions about blogging and WordPress in particular. I am looking to start a series of answers here very shortly. Your input is needed for the topics that matter to you.
About the author
Mike Paetzold got started blogging in 2003 and has become an expert on using WordPress. He has become known as The WordPress Guy.
After being an under ground niche marketer using his blogs he has surfaced to share some of the ways he uses blogs to enter various niches profitably.
Amazing what always happens when I am busy – a new WordPress release. Course I have been busy playing plumber and getting ready for tonight’s call.
Just got a chance to upgrade and test the new release. Here is what WordPress says about the release.
The headline changes in this release are:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
Glad to see them do this new hardening rather than wait for it to be incorporated in 2.9. There have been a few malicious items running around that this should help you to avoid.
That post also announced a plugin that I am testing called WordPress Exploit Scanner. It checks your data base and plugins for strange files but only notifies you it does not correct things which is good. Mine came out clean but will be checking regularly.
Added the auto upgrade video below. Make sure you grab your data base first just in case.
It was originally done for 2.7 upgrades but nothing has changed so no need for a new video.
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
I always recommend you be using the latest version and this thing seems to be a nasty little bug. Have heard from a couple friends that they have had this and it is a bear to fox.
Make sure that you have your blogs updated to the latest version.
Okay another upgrade was released today and yes I may be a bit frustrated. On the one hand I am very happy that they address security flaws as quickly as possible but …
It is easy to get frustrated with the number of updates lately. Because it is a security update you should follow through on it and I have added the video below that walks you through the process. You can see the details of it on the WordPress blog.
Well for those looking for the newest version of WordPress they released the first beta version of 2.8 yesterday. I have added it to this blog today and it seems to be working fine so far.
Have been running the latest nightly builds on the beta blog so was not really surprised and did not expect any problems but Murphy does live at my house. Previously I covered some of the changes such as being able to add new themes the way that you can add plugins now.
So just a heads up that if the beta goes well and so far at least for me it has then you can expect the live release shortly.
Yesterday afternoon WordPress released the first upgrade to the 2.7 series – 2.7.1. This is the first time you can use the new auto upgrade. I created a short video to show you how to do that and the backups BEFORE you click the upgrade button.
This upgrade fixes 68 tickets per the latest update on the WordPress blog. I have upgraded with no problems on this on my blogs.
Hope this helps you to stay on top of the new upgrade.
As always your questions and comments are welcomed.
That has to be one of the biggest questions I get when people ask should they uipgrade their blog? I created a video to walk you through not only the upgrade process but how to undo it if your theme causes a problem.
The key is to make sure that you have backed things up FIRST.
You should back up your data base, wp-content folder and the wp-config.php.
The video is about 8 minutes long but with the pauses the whole process of upgrading and undoing it took less than 15 minutes.
Hope this helps you and shows you that IF you back up FIRST it is not a hard process to undo it if you need to.
I do recommend that you check your theme and plugin compatibility first and decide if you want to change them before upgrading if they are not compatible.
As always your questions and comments are welcomed.
Looks like the release of WordPress 2.7 will be the 10th. You might want to look at compatibility ahead of time.
With the security release of WordPress 2.6.5 there won’t be a security reason to rush to the new version but the new features are quite nice. There will be a bit of learning curve until you get used to the new look but it will be the last time you will have to upgrade from outside.
Like the plugin updates in the current version you will be able to upgrade within the dashboard. And yes before someone tells me I know there has been a plugin to do that already.
You should check out your theme for compatibility along with your plugins. You may also want to check your host for compatibility.
Here are some links where you can check each of these out.
)
