WordPress Wednesday News: WordPress 2.3.3 Security Must Upgrade, Plugins Vulnerable, Automatic Upgrades, and More

Filed as Features on February 6, 2008 10:45 am

WordPress 2.3.3 is a mandatory security release. WordPressMU also upgraded. WordPress Plugins face security issues – have you checked yours recently? New WordPress Podcast out. Getting excited about automatic upgrades coming to the next version of WordPress. And more WordPress news.

WordPress News

Mandatory Security Upgrade: WordPress 2.3.3 is a mandatory security upgrade covering a vulnerability in xmlrpc.php and includes a few bug fixes. A mandatory security upgrade is not option. It is a required upgrade for the security and safety of your blog.

WordPress Plugin Security Issues and Announcements: In the section below, there are a lot of new WordPress Plugin security issues and announcements for various WordPress Plugins. If you are using any of these Plugins, please follow the recommendations for fixing, upgrading, or deactivating them from your WordPress blog. Once these are public knowledge, hackers can easily track them down and take advantage of them. If you are a WordPress Plugin author and developer, it is essential that you learn what these security flaws and vulnerabilities are in order to protect your Plugin users from known security issues.

WordPressMU Mandatory Upgrade: In accordance with the mandatory security upgrade for WordPress 2.3.3, Donncha O’Caoimh has announce the release of WordPressMU 1.3.3 based upon that security release.

WordPress Podcast: The latest episode of the WordPress Podcast is out and includes information on WordPress 2.3.2, the jump to WordPress 2.5, Automattic’s new funding, security issues, free custom-designed WordPress Themes for high PageRank blogs, WordCamp Dallas, new and updated Plugins, and a lot more WordPress news.

Automatic WordPress Upgrade The issue of making WordPress easier to upgrade is back on the front burner again with the discussion, Integrate Automatic Upgrade, on the WordPress trac list. The developers are working hard to get the automatic upgrade feature into the core by WordPress 2.5, though it might be delayed until the next release, and to make it as secure and easy-to-use as possible.

Last Week’s WordPress Wednesday News: Last week’s WordPress Wednesday News report covered WordCamp Hamburg Success, Automatic Upgrades Coming, $5,000 Bounty, Prologue Theme, and WordPress Wins Again, if you would like to catch up with the news on WordPress.

WordPress Security News

WordPress SecurityThe latest release of WordPress 2.3.3 is a mandatory security release, fixing some recent vulnerabilities found in WordPress.

WordPress Plugin Security News: The following is a list of recent announcements about security issues found in WordPress Plugins.

The most recent news on general WordPress security issues includes:

To check your blog’s security, try WPIDS – WordPress Intruder Detection System and WP Scanner WordPress Plugin.

WordPress on Your Calendar

WordPress Events CalendarAutomattic’s Publisher Blog has some news on the upcoming Dallas WordCamp in Texas on March 29-30, 2008. Registration is filling fast and the The line-up of speakers includes some of the best in WordPress.

Coverage of WordCamp Hamburg continues to appear, mostly in German and some in English, with participants eagerly sharing new tips and ideas for using WordPress and making the most of their blogs. If there is a WordCamp near you, go. If you are interested in setting up a WordCamp, stay tuned for news and information on to bring a WordCamp event near you.

Here are some WordPress-related dates and events to put on your calendar as found on the WordPress Roadmap and the WordPress Meetup Group Listings (subject to change):

Are you involved with a WordPress group or club in your area? Make sure you announce meetings on the WordPress Meetup list and email me so I can add it to the calendar.

WordPress.com News

WordPress.com W logoContent Theft and WordPress and WordPress.com: There is a lot of confusion about WordPress and WordPress.com blogs and content copyright violations – is WordPress responsible and which WordPress. I wrote about this in Content Theft and WordPress and basically, WordPress.org is not responsible for copyright violations, but WordPress.com will help you with copyright violations as they are a web host and work under the DMCA laws in the United States. The article includes tips from the WordPress.com support staff on how to report copyright violations on WordPress.com blogs.

Prologue Twitter Style WordPress Theme: As mentioned, the new Prologue, a WordPress Theme from now on WordPress.com, and allows a Twitter-style communications blog.

Three Gigabytes of Free Storage on WordPress.com: The WordPress.com blog has announced all bloggers on WordPress.com is now entitled to 3 gigs of free storage, a six-fold increase. This will allow users to upload podcasts and video without much distress. If you need more, the paid storage is now increased from one gig to five gigs.

New To WordPress.com: If you are new to blogging on WordPress.com, check out this basic guide on What Do I Do With My New WordPress.com Blog?.

WordPress Plugins and Themes News

WordPress Plugins DatabaseWordPress Theme PDF Chart: Dorobantu offers a PDF file called WordPress Anatomy to help with developing a WordPress Theme.

Reset Query in WordPress Themes and Plugins: Nerdaphernalia discusses automated indexes and wp_reset_query() and how WordPress Theme and Plugin authors should take advantage of the wp_reset_query() to the WordPress Loop to avoid conflicts with other code running in your templates.

Tracking WordPress Compatibility: It’s often difficult to track what Plugin and Theme is compatible with which WordPress version. In the are two “master” pages that list all the various compatibilities: WordPress Theme Compatibilities and WordPress Plugin Compatibilities. No matter which version you are using, and in preparation for the next version of WordPress, add these to your WordPress resource list to check before you upgrade.

Guide to WordPress Theme Offerings: Dawud Miracle offers The Ultimate Resource for Free WordPress Themes, a listing of sources for WordPress Themes that appear to be free of hidden and unwanted code and links.

Interesting WordPress Plugins: I’m constantly amazed at how many creative and useful WordPress Plugins are released each week. Aren’t you?

Plugin Authors: Take Advantage of the WordPress Plugin Repository: Weblog Tools Collection reports on the WordPress Plugin Repository working in combination with Plugins on the WordPress Plugin Directory, which gives Plugin authors the ability to post and assign bug tickets to their Plugin and have an easier way of reporting and monitoring bug reports.

Writing to WordPress Standards: If you are developing WordPress Plugins or Themes, your first step is to visit the , the online manual for WordPress Users, especially the WordPress Coding Standards and Writing a Plugin articles.

Finding WordPress Plugins: For more WordPress Plugins see the official WordPress Plugin Directory, the WordPress Plugins Database, and Weblog Tools Collection Plugin and Theme announcements.

WordPress Techniques and Tips

Here are some featured articles and videos from around the WordPress Community and the , the online manual for WordPress Users, the source to turn to first for your WordPress help.

NOTE: If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts.

WordPress Community News

WordPress Community graphicAutomattic Official WordPress “News” Blog: Published by Automattic, the WordPress Publisher Blog showcases sites using WordPress and WordPress.com in ways that push the limits of what WordPress can do, and offers other news and information on using WordPress from WordPress developers.

Vote for WordPress Ideas: There is still time to get your vote in for ideas on upcoming verisons of WordPress in the The section. Why not take advantage of it and add your voice to the vote.

Found a Bug in WordPress? If you find a bug in WordPress, report it by following the instructions in Reporting Bugs on the , the online manual for WordPress Users.

Using WordPress in Your Blog’s Name: WordPress is a trademark and you are not allowed to use WordPress in your blog’s name or URL unless you have permission of and . Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).

Looking for a WordPress Expert? If you are looking for a WordPress expert, try the WordPress Consultants list the WordPress Jobs listings, and the WP-Pro mailing list.

WordPress Installed For Free: Installing WordPress for Free (aka Install4Free WordPress) is a free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.

If You Are Reading This: If you are reading this blog post NOT on the or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.

Even More WordPress News?

Past WordPress Wednesday News Reports

WordPress News Sources


Each Wednesday on is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: lorelleonwordpress@gmail.com

Tags:

This post was written by

You can visit the for a short bio, more posts, and other information about the author.


Submissions & Subscriptions

Submit the post to Reddit, StumbleUpon, Digg or Del.icio.us.

Did you like it? Then subscribe to our RSS feed!



  1. By Tom Johnson posted on February 6, 2008 at 11:10 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Wow, this is an incredible amount of useful news and information. Thanks for putting it together.

    Reply

    Your words are your own, so be nice and helpful if you can. If this is the first time you're posting a comment, it might go into moderation. Don't worry, it's not lost, so there's no need to repost it! We accept clean XHTML in comments, but don't overdo it please.

    Current ye@r *