WordPress Security Alert and Upgrade Help
Over the past 24 hours we’ve been inundated with questions about a serious WordPress security issue that is reaching a critical mass. It appears that a worm is using old versions of WordPress to replicate and infect blogs around the Internet. If you are using a version of WordPress prior to 2.8.4 (the current version at the time of this alert) you must upgrade immediately.
There are many reasons why a WordPress user may put off upgrading. Maybe you don’t believe an upgrade is necessary, or you’re afraid that an upgrade might break a custom theme. It’s possible that you simply don’t know how to upgrade WordPress. If you’re running an older version of WordPress and you’ve avoided upgrading for any of these reasons, please take a few minutes to watch the video below. The video explains why it’s crucial that you upgrade NOW and walks through many common upgrade scenarios.
Get the Flash Player to see this player.
Related Links:
- How to Upgrade WordPress (covers manual upgrades and includes demonstration of the backup plugin).
- Best Practices for Upgrading WordPress
- WordPress Database Backup Plugin
- How to Keep WordPress Secure
- Old Versions of WordPress Under Attack
- WordPress Security Help
Best Practices for Upgrading WordPress
We’re all understandably excited about the latest release of WordPress. There’s a temptation to download the newest version as soon as it becomes available, and upgrade all of our blogs immediately. New is always better, right?
Well, yes and no. The new version of WordPress is undoubtedly an important upgrade, with an impressive array of new features and usability enhancements. On the other hand, if you don’t take care in the upgrade process you might just find yourself regretting the day you jumped on the upgrade bandwagon.
In most cases, upgrading WordPress is a simple and painless process. Occasionally, though, something goes wrong. This video will guide you through the best practices in planning your WordPress upgrade. The goal is to ensure that your upgrade goes smoothly, and that you remain a happy WordPress blogger.
In addition to watching the video, please take a moment to complete our WordPress upgrade survey. We’re interested in hearing about your upgrade plans, and we’re looking for guidance on how best to present training material during this time of transition.
Resources:
- WordPress upgrade survey
- WordPress 2.5 Plugin Compatibility List
- WordPress 2.5 Theme Compatibility List
- Semiologic forum
- Upgrading WordPress Video — Includes backup plugin
WordPress 2.3.2 Released – Be Sure to Upgrade
A not so minor upgrade to WordPress was released last week. I say “not so minor”, because version 2.3.2 addresses several urgent security vulnerabilities. As always, I advise that everyone upgrade their WordPress blogs as soon as possible. Since this round of changes focuses on fixing bugs and patching security, there should be no issues with theme or plugin compatibility.
If you need help with a manual upgrade, be sure to check out our video on the subject.
Also of interest, it was recently announced that the next point release of WordPress will be 2.5 instead of 2.4. The delay has been attributed to a large number of new features, as well as the holidays (even WordPress developers need a break around Christmas). Expect version 2.5 to arrive in late March.
Upgrading WordPress
The WordPress system is upgraded fairly regularly. That’s a good thing, for a number of reasons. In addition to providing new features, upgrades address critical security issues and patch annoying bugs.
However, the only way to benefit from WordPress upgrades is to actually install them. Many hosting services even offer a simple one-click upgrade. If that’s the case, then there’s almost no reason why you should delay in upgrading when a new release is available.
Manual upgrades are also fairly easy (remember, WordPress is the blogging system that takes only five minutes to install). This video demonstrates the manual upgrade process and discusses some of the precautions you’ll want to take before you perform an upgrade.
If you’re following along at home, you’ll probably want to install the plugin below and backup your data before you begin:
