WordPress 3.4 has been released! We recommend that everyone running WordPress to upgrade as it will ensure a more secure and faster running site, plus some other neat additions. According to The WordPress website, “This release includes significant improvements to theme customization, custom headers, Twitter embeds (see example of one below), and image captions.” Click here for more details!
WordPress 3.4 “Green” http://t.co/1mSdDiZw
— Daniel Trimpey (@DanielTrimpey) June 14, 2012
The latest release, 3.3.2, of WordPress is now available. We recommend that everyone upgrade their installs of WordPress and and plugins you are running to ensure you are running the most secure and reliable system for your website. Here are the details of the release.
If you run a WordPress website, especially if you use a pre-built template, there is a good chance that your theme uses the timthumb.php script for resizing images. That script was found to be exploitable several months ago, and there has been updates released to patch your file, but many don’t know how to do it or even that they need to.
Enter the Timthumb Vulnerability Scanner. This is a free plugin for WordPress that will scan your site to see if you are using an outdated version of the timthumb.php file and if so, fix it for you.
If you host with Page Progressive, then we’ve scanned our server and patched any old timthumb.php files but if you are hosting elsewhere, it’s possible your host has not scanned for it and you may need to check to make sure you are not vulnerable to this exploit. It could lead to your site getting hacked and allow malware to be distributed though it, and that will ruin just about anyone’s day.
We ran into this article and felt we should share this as a reminder to all website owners to keep their WordPress install and plugins up to date. To our knowledge, none of our clients are running the “ToolsPack” plugin that I am aware of unless they installed it themselves, but we still HIGHLY recommend that you always update your WordPress and plugins regularly. It’s very simple to do in the admin area. Here is a video explaining how.
Please note the below update from the WordPress team. If you are running WordPress, don’t forget to update your plugins and WordPress regularly!
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.
Yesterday Matt Mullenweg, a bigwig with the WordPress content management system, posted this:
Last week we released WordPress 3.2, a version focused on making WP faster and lighter with a refreshed dashboard, new Twenty Eleven theme, a zen writing mode, and more: http://wordpress.org/news/2011/07/gershwin/
We waited to email because there were some issues with the JSON module on some web hosts, which the just-released version 3.2.1 fixes. Download from WordPress.org or click the update button in your dashboard to get the latest.What else is new? We’re doing a census of the WordPress World, if you have 5 minutes take this survey:
http://wpsurvey.surveydaddy.com/s/wp-2011-e?src=ema
We’re going to tally up the results and present them in my State of the Word talk next month in San Francisco, so send it to everyone you know who uses WordPress so we get the most representative sample.
There are also some fun WordCamps approaching in San Diego, Portsmouth, Boston, Chicago, Fayetteville, St. Louis, San Francisco, and Los Angeles:
Hope to see you at one soon!
Stay cool,
Matt
Below is an update from WordPress.org:
“Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.”
WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions.
This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!
Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.