
Yet Another WordPress Security Release – 2.8.4

by Ben Cook on August 11, 2009

Yet Another WordPress Security FAIL

No, it’s not Groundhog Day, and yes, you probably DID just upgrade all your WordPress installations.

But if it seems like every time you turn around there’s another WordPress security release, well, that’s because this (version 2.8.4) is the 4th release in less than 5 weeks.

And, lest you think the WordPress coders are just developing new features THAT quickly, the three most recent releases have all included security issues.

The latest security problem allows anyone to automatically reset the password of the first user in the user table. Naturally, that user is most often the administrator, and while this exploit doesn’t allow anyone to gain access to your site, it could definitely be a hassle.

WordPress has become the default blogging platform of choice, and as the user base continues to grow, it’s only natural that more and more people will dedicate their time to finding exploits or weaknesses in the code. However, if WordPress wants to remain the most popular platform, they’d better get their act together and stop releasing sloppy code.

Don’t get me wrong, I appreciate all the people that volunteer their time to improve the open source platform, but there’s just no excuse for this many security releases this close together.

Whether it means bringing more developers & testers into the mix or whether Automattic has to hire a devious-minded developer to expose these kinds of vulnerabilities BEFORE they’re released into the wild, something has to be done, and soon.

Backup!

As always, make sure you back up your sites before you upgrade. I’ll be publishing a post later in the week detailing how to easily stay up to date with your backups just in case something crazy happens… like yet another exploit being found in the latest version of WordPress.

Image source: http://www.flickr.com/photos/crazycups/


Garry August 24, 2009 at 2:29 am

I appreciate all the people that volunteer their time to improve the open source platform, but there’s just no excuse for this many security releases this close together. Thanks.
