The developers of WordPress.org work proactively to provide you with safe open-source publishing software.
As critical bugs and vulnerabilities are reported, the WordPress developers work diligently to fix them and release maintenance versions.
They do take WordPress security seriously.
On December 18, 2009, WordPress version 2.9 “Carmen” was released.
- Fix #1 — WordPress 2.9.1 was released on January 4, 2010. This release fixed 24 bugs, including a scheduling problem with posts and pingbacks not being processed correctly due to incompatibilities found with some hosts.
- Fix #2 — WordPress 2.9.2 was released on February 15, 2010. This release fixed 7 bugs, including a vulnerability found that logged in users could see other authors trashed posts.
On June 17, 2010, WordPress 3.0 “Thelonious” was released.
- Fix #1 — WordPress 3.0.1 was released on July 29, 2010. This release fixed 54 minor issues found.
- Fix # 2 — Approximately 20 minutes after this release was made public, Andrew Nacin sent out a tweet that one bug fix was left out and asked that anyone who had already installed this new version to reinstall the applications.
As you can see by the above time frame, the developers of WordPress work quickly to take care of security vulnerabilities and bug fixes.
You can see the list of all WordPress versions, release dates and change logs here:
How are these security vulnerabilities and bugs found?
In order for the developers to continue to improve WordPress, fix bugs or security vulnerabilities, we need to work as a community to help them.
Keep in mind, some errors are trivial, while others are critical. As a WordPress user, you should report any critical bug or security issue you find to them as soon as possible.
WordPress.org has put together procedures for you to report security vulnerabilities, issues found in the core of WordPress, bugs found in plugins and themes, etc. Go to:
Reporting WordPress Bugs:
- Procedures for reporting WordPress bugs
- Reporting a security problem to WordPress
- WordPress Plugin Repository Bug Tracking System
- How to report a bug found in a WordPress plugin
- Active Tickets for WordPress Plugins
We need your help!
Please remember to do your part, contribute! Let's all work as a team to continue to keep our websites safe. If you find any WordPress vulnerabilities or bugs, please report it to WordPress.org!
Have you ever reported an issue to WordPress? Did you find their response time sufficient? Were you aware that you could report bugs to WordPress? Let us know by leaving a comment below.