No, it’s not Groundhog Day, and yes, you probably DID just upgrade all your WordPress installations.
But if it seems like every time you turn around there’s another WordPress security release, well, that’s because this (version 2.8.4) is the 4th release in less than 5 weeks.
And, lest you think the WordPress coders are just developing new features THAT quickly, the three most recent releases have all included security issues.
The latest security problem allows anyone to automatically reset the password of the first user in the user table. Naturally, that user is most often the administrator, and while this exploit doesn’t allow anyone to gain access to your site, it could definitely be a hassle.
WordPress has become the default blogging platform of choice, and as the user base continues to grow, it’s only natural that more and more people will dedicate their time to finding exploits or weaknesses in the code. However, if WordPress wants to remain the most popular platform, they’d better get their act together and stop releasing sloppy code.
Don’t get me wrong, I appreciate all the people that volunteer their time to improve the open source platform, but there’s just no excuse for this many security releases this close together.
Whether it means bringing more developers and testers into the mix or whether Automattic has to hire a devious-minded developer to expose these kinds of vulnerabilities BEFORE they’re released into the wild, something has to be done, and soon.
As always, make sure you back up your sites before you upgrade. I’ll be publishing a post later in the week detailing how to easily stay up to date with your backups just in case something crazy happens… like yet another exploit being found in the latest version of WordPress.