WPSecurityLock – Malware removal & WordPress security services


WordPress 3.0.2 – Mandatory Security Update

December 1, 2010 By Regina Smola 26 Comments

WordPress released a mandatory security update to the public on November 30, 2010. Please be advised that you need to upgrade your WordPress version to 3.0.2 immediately.

WordPress Security Issues / Enhancements

According to WordPress.org, a moderate security risk was found that could allow a malicious Author-level user further access into your website. This issue has been fixed in WordPress 3.0.2.

WordPress 3.0.2 also addresses a handful of bugs and provides some additional security enhancements such as:

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme.
  • Multisite: Fix the delete_user meta capability.
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

Were there any files deleted in this release?

WordPress 3.0.2 uses all the same files and nothing became obsolete, but 12 files were changed.

Here is a list of the WordPress files that were revised in 3.0.2:

  1. readme.html
  2. wp-admin/includes/file.php
  3. wp-admin/includes/plugin.php
  4. wp-admin/includes/update-core.php
  5. wp-admin/plugins.php
  6. wp-includes/canonical.php
  7. wp-includes/capabilities.php
  8. wp-includes/comment.php
  9. wp-includes/functions.php
  10. wp-includes/load.php
  11. wp-includes/ms-files.php
  12. wp-includes/version.php
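
One way to use this list after upgrading, as an added example (not code from the original post or from WordPress): compare each of the 12 revised files on a site against a pristine, unpacked copy of 3.0.2 and read the version string from version.php. The function names and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: confirm the 12 files revised in 3.0.2 match a pristine copy.
# REVISED_FILES is the list from this post; the directory layout is assumed.
REVISED_FILES="readme.html
wp-admin/includes/file.php
wp-admin/includes/plugin.php
wp-admin/includes/update-core.php
wp-admin/plugins.php
wp-includes/canonical.php
wp-includes/capabilities.php
wp-includes/comment.php
wp-includes/functions.php
wp-includes/load.php
wp-includes/ms-files.php
wp-includes/version.php"

# check_revised_files <pristine-3.0.2-dir> <site-dir>
# Prints one status line per file; returns 0 only if all 12 are identical.
check_revised_files() {
    ref=$1 site=$2 bad=0
    for f in $REVISED_FILES; do
        if [ ! -f "$site/$f" ]; then
            echo "MISSING  $f"; bad=$((bad + 1))
        elif ! cmp -s "$ref/$f" "$site/$f"; then
            echo "DIFFERS  $f"; bad=$((bad + 1))
        else
            echo "OK       $f"
        fi
    done
    [ "$bad" -eq 0 ]
}

# site_version <site-dir>: prints the $wp_version value from version.php.
site_version() {
    sed -n "s/^\$wp_version = '\([^']*\)';.*/\1/p" "$1/wp-includes/version.php"
}

# Stand-alone use: sh check.sh /path/to/pristine-3.0.2 /path/to/site
if [ "$#" -eq 2 ]; then
    echo "version: $(site_version "$2")"
    check_revised_files "$1" "$2"
fi
```

A DIFFERS line means the upgrade did not replace that file or it was modified afterwards; a MISSING readme.html is expected on sites where it was removed on purpose.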

Upgrading to WordPress 3.0.2

We tested the automatic upgrade from the Dashboard > Updates and also did a manual upgrade. Both were successful.

For WordPress security, please upgrade to WordPress 3.0.2 immediately.

Plugin Conflicts:

After upgrading to WordPress 3.0.2, we noticed an intermittent error message when creating a new post, caused by the MaxBlogPress Ping Optimizer Plugin. This error comes and goes:

Warning: Missing argument 1 for PingOptimizer::__mpoFetchPostDetails(), called in /PATH/WORDPRESS/wp-content/plugins/maxblogpress-ping-optimizer/maxblogpress-ping-optimizer.php on line 503 and defined in /PATH/WORDPRESS/wp-content/plugins/maxblogpress-ping-optimizer/mpo-lib/include/mbp-ping-optimizer.cls.php on line 135

Leave Your Feedback

How was your upgrade experience with WordPress 3.0.2? Did you have any issues with this release? Let us know by leaving your comment below.

Securely yours,

Regina Smola

WordPress Security Specialist

Additional Resources:

  • WordPress 3.0.2 News
  • Download WordPress 3.0.2
  • Codex WordPress Version 3.0.2
  • Updating WordPress
  • Upgraded WordPress Extended

Filed Under: WordPress Security Tips Tagged With: secure wordpress, upgrade wordpress, wordpress 3.0.2, wordpress bugs, wordpress security, wordpress upgrade


Comments

  1. andy says

    December 1, 2010 at 7:42 pm

    Updates went smoothly for ghettohacker.org and pcmagicrepairs.org. Thanks for the heads up, and I love what you’re doing here, keep it up!

    Reply
    • Regina Smola says

      December 2, 2010 at 11:00 am

      Glad it worked Andy. Thanks for your kind words.

      BTW, pcmagicrepairs.org doesn’t work, but .com does. A typo maybe?

      Reply
  2. Daniel Fenn says

    December 1, 2010 at 6:33 pm

    Hello,

    Thank you for giving the heads up about updating WordPress. I decided to let WordPress do everything for me, so automatic upgrade it went. The only thing that went wrong was that I needed to re-upload my index.php file that a WordPress plugin is using. (http://www.wp-united.com/) Other than that, it's all fine 🙂

    Daniel Fenn, MTA

    Reply
    • Regina Smola says

      December 1, 2010 at 6:38 pm

      Hi Daniel,

      Thanks for your feedback. Glad to see that the automatic upgrade worked okay. Glad you caught the index.php file upload.

      If you don’t mind me asking, which plugin causes you to use a different index.php file for WP?

      Keep us informed if you notice any plugins acting up.

      Reply
      • Daniel Fenn says

        December 1, 2010 at 6:45 pm

        Hello,

        I’m using a plugin called WP-United (http://www.wp-united.com/). It's more of a plugin for phpBB, but it does have a WordPress part as well. Just a small quote from their home page:

        “WP-United glues together phpBB forums and WordPress blogs.

        From simple single sign-on, to fully automatic template integrations, WP-United can help you create a fully-featured, compelling community site.”

        Hope this helps 🙂

        Daniel Fenn, MTA

        Reply
        • Regina Smola says

          December 1, 2010 at 6:49 pm

          Great, thanks for sharing. That’s the first plugin I have heard of that requires you to manually change the WP index.php file.

          Reply
  3. Jorge I. Meza says

    December 1, 2010 at 6:38 pm

    I upgraded today and now I can’t “edit” posts, it shows me a 404 error 🙁

    Reply
    • Regina Smola says

      December 1, 2010 at 6:44 pm

      Hi Jorge,

      Wow that’s not good. Did you do an automatic or manual upgrade? And do you have a backup?

      Let me know if you need my help.

      Reply
      • Jorge I. Meza says

        December 2, 2010 at 1:36 pm

        False alarm. I think it was a coincidence between the upgrade and a couple of words in the post blacklisted by mod_security.

        All seems to be running fine now 🙂

        Reply
        • Regina Smola says

          December 3, 2010 at 11:03 am

          Jorge, I’m so glad you got it fixed.

          Reply
  4. Sakamoto says

    December 1, 2010 at 6:46 pm

    I had some issues with the upgrade. Seems as if it put my site into Maintenance Mode for about 20 to 30 minutes before finally failing the upgrade, but when I tried the automatic upgrade again, it went through fine. I’m guessing the servers were quite busy this morning!!

    Reply
    • Regina Smola says

      December 1, 2010 at 6:50 pm

      Yes, sounds like the server was having a timeout issue. Glad that it worked for you!

      Thanks for sharing.

      Reply
  5. John Soares says

    December 1, 2010 at 7:12 pm

    Regina, I just updated about ten sites using the automatic option. They all use either Thesis 1.7 or 1.8, and about half of them have custom-designed themes.

    No problems!

    Reply
    • Regina Smola says

      December 2, 2010 at 10:56 am

      Awesome. Thanks for your input John.

      Reply
  6. David Perdew says

    December 1, 2010 at 8:46 pm

    Hey Regina –

    Thanks for the heads up! No issues on the upgrade. Automatically upgraded in less than 5 seconds. Love it when it works.

    Reply
    • Regina Smola says

      December 2, 2010 at 11:33 am

      Hi David,

      Thanks for your comment. I love when it works and quickly too!

      Reply
  7. Joan Stewart says

    December 2, 2010 at 8:37 am

    Hi Regina,

    Thank you for a wonderful site, has anyone moved WP 2.8 straight up to WP 3.0.2? Or must this be stepped up one level at a time? I have been nervous to make the move due to the horror stories you hear.

    Reply
    • Regina Smola says

      December 3, 2010 at 11:26 am

      Hi Joan,

      When upgrading from an older version, such as 2.8, you should make sure you have a working backup of your server files and also your database.

      My suggestion would be to make a new database and copy your current database into it, then change your wp-config.php file to the new database before upgrading. That way if something goes wrong you can quickly switch back to your old database.

      Since your version of WordPress is so outdated, there are many files that are now obsolete and vulnerable if they are left on the server. So you should follow the Upgrading WordPress Extended instructions.

      If you need any help, just ask 🙂

      Reply
  8. Mal Milligan says

    December 7, 2010 at 9:12 am

    Did the recent WP 3.0.2 security update drop fresh copies of Akismet and Hello Dolly plugins on every site I updated? I had previously deleted them for security reasons. Now a few days after the WP core file update there is a black update button on all my dashboards saying there is a new version of Akismet. I am dreading the thought of it but do I have to go into all my sites now and delete them again manually? Regards –

    Reply
    • Regina Smola says

      December 7, 2010 at 12:14 pm

      Hi Mal,

      Good question. Unfortunately, the answer is yes. If you use the automatic update it will always install any files included in that update, which happens to be those two plugins.

      When I upgrade, I do it manually so that I can pick what I want to upload. For instance, I remove the readme.html file, so when I do a manual update I skip that file.

      However, if you enjoy the automatic update feature, you have to always remember to delete what you want removed from your WP site.

      I hope that helps.

      Reply
      • Mal Milligan says

        December 9, 2010 at 7:04 pm

        After getting 30 sites pwned by a SQL injection during the summer, I did everything I could to minimize exposure, including evolving into a minimalist when it comes to plugins. I have all my sites spread out in smaller CPanel container groups now too so hopefully I won’t lose everything with a cross site script attack (again). But I have to think now about the best way to do these updates. Updating dozens of sites is a lot of work… there has to be a way to script part of the operation and run it like a cron job after the updates… thanks for your reply Regina!! Have a great week! Mal

        Reply
        • Regina Smola says

          December 10, 2010 at 6:48 pm

          Hey Mal,

          I understand your frustration, believe me I can relate. LOL I update WordPress sites all day every day for others and my own.

          Not to rain on your parade, but there is no script that I know of to do what you’re asking. However, if you find one, please please let me know. It would cut my workload way down. 🙂

          Reply
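
A sketch of the post-update cleanup discussed in this thread, as an added example that is not part of the original post or comments: it removes readme.html and the bundled Akismet and Hello Dolly plugins from each listed site. The plugin paths are the default WordPress locations; the sites file format and function names are assumptions.

```shell
#!/bin/sh
# Added example: remove items that the automatic update re-installs.
# Paths are relative to a site's document root.
UNWANTED="readme.html
wp-content/plugins/hello.php
wp-content/plugins/akismet"

# clean_site <docroot> [--dry-run]
# Returns 2 if <docroot> does not look like a WordPress install, 1 if a removal failed.
clean_site() {
    site=${1%/}
    if [ ! -f "$site/wp-includes/version.php" ] || [ ! -d "$site/wp-content/plugins" ]; then
        echo "SKIP $site (not a WordPress docroot)" >&2
        return 2
    fi
    rc=0
    for item in $UNWANTED; do
        target="$site/$item"
        [ -e "$target" ] || [ -L "$target" ] || continue
        if [ "${2:-}" = "--dry-run" ]; then
            echo "WOULD REMOVE $target"
        elif rm -rf -- "$target"; then
            echo "REMOVED $target"
        else
            echo "FAILED $target" >&2; rc=1
        fi
    done
    return "$rc"
}

# clean_all <sites-file> [--dry-run]: one docroot per line, '#' starts a comment.
clean_all() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        clean_site "$line" "${2:-}" || true
    done < "$1"
}

# Stand-alone use: sh wp-cleanup.sh /path/to/sites.txt [--dry-run]
if [ "$#" -ge 1 ]; then
    clean_all "$@"
fi
```

Run it with `--dry-run` first and review the output; it can then be scheduled from cron to run after updates.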
  9. Joe Cheray says

    December 10, 2010 at 10:01 am

    Regina I have WP Genius theme from Solostream. I updated yesterday via my dashboard with no hassles. Everything is working normally. Thank you for putting together this post.

    Reply
    • Regina Smola says

      December 10, 2010 at 6:46 pm

      Hey Joe,

      Awesome! It’s so nice when updates run smoothly.

      Reply
  10. Kathy Pop says

    December 10, 2010 at 3:26 pm

    Well. I updated a few and have had no issues so far.

    I do have a question. In the updates section on some of my blogs, it gives the version number and says whether there is an update avail or not and others have “You are using a development version of WordPress. You can update to the latest nightly build automatically or download the nightly build and install it manually:” This message shows all the time. Do you know why I get this on some blogs and others I get the “normal” update message?

    Reply
    • Regina Smola says

      December 10, 2010 at 6:44 pm

      Thanks for your question Kathy. You are receiving this message because you’re using the developer’s version of WordPress on those sites.

      For more information see: http://codex.wordpress.org/Using_Subversion.

      Reply
