WordPress released a security update to the public on December 8, 2010. It is recommended that you upgrade your WordPress version to 3.0.3 immediately.
WordPress Security Issues / Enhancements
This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.
Were there any files deleted in this release?
WordPress 3.0.3 uses all the same files and nothing became obsolete, but 4 files were changed.
Here is a list of WordPress Files that were Revised in 3.0.3:
- readme.html
- wp-admin/includes/update-core.php
- xmlrpc.php
- wp-includes/version.php
Upgrading to WordPress 3.0.3
We tested the automatic upgrade from the Dashboard > Updates and also did a manual upgrade. Both were successful.
For WordPress security, please upgrade to WordPress 3.0.3 immediately. This WordPress update (3.0.3) only affects you if you have remote publishing enabled on your blog.
Plugin Conflicts:
None known at this time. If you have any concerns about a plugin conflict, please let us know so that we can look into it and make recommendations.
How do I know if I have Remote Publishing Enabled?
Simply follow these easy steps:
- Log-in to your wp-admin Dashboard;
- Look on the left side of your Dashboard and click on “Settings.”
- Under Settings, look for and click on “Writing”.
- Once the Writing window is open, scroll down to about the middle of the page and look for “Remote Publishing”. If you have checked the boxes (see screenshot below) it is enabled.
It's up to you whether or not you require this feature. Regardless, it is always recommended that you upgrade your WordPress site(s) to the latest current version, which is WordPress 3.0.3.
Leave Your Feedback
How was your upgrade experience with WordPress 3.0.3? Did you experience any problems when upgrading? Let us know by leaving your comment below.
Securely yours,
Regina Smola
WordPress Security Expert
Follow on Twitter @WPSecurityLock
Become a Facebook Fan
No problems with the five blogs I updated using Thesis 1.8.
Hi John,
Glad to hear all five blog updates went smoothly. So far so good on WordPress 3.0.3.
I hope this is the last security update until the next big release. I can’t wait to see what’s in store for 3.1 that’s scheduled for the end of December, 2010.
No problems with the two blogs I updated. Do use the developer version of Automatic WordPress upgrade as it backs up your Database and Files as part of the upgrade. It is much better than the built-in WP upgrade which leaves you to manually backup your files and Database
Hi Robert,
Glad it went well for you. Good point on the developer version of Automatic WordPress upgrade. Gotta love auto backups.
Hello,
Wow only a week and there a new update? Thanks for giving the head up. This time I decided to do the update by hand so that I don’t need to worry about the index.php file issue 🙂
Daniel Fenn, MTA
Hi,
I updated about 30 blogs without a hitch. I just used the regular automatic update and it went smooth as possible.
Herschel Lawhorn
I finally did this security update today. I’ve been putting it off because for some reason, the Autumatic Upgrade doesn’t work for me for WordPress. For plug-ins it works great, but not for the WP upgrade. 🙁 I just over-wrote those four files via FTP and it worked easy as pie.
Which Automatic Upgrade are you referring to Dawn?. There is a developer version and a much less inclusive Auto Upgrade built-into WordPress. The Developer version is available as a plug in at wordpress.org it’s title is WordPress Automatic Upgrade(I’ve never had a problem using it and in fact highly recommend it as well as donating money to him for a great plug in.