On Monday, February 7, 2011, WordPress released an important update. Quoting from WordPress.org …
“WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions. This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening.”
WordPress 3.0.5 is for ALL previous versions of WordPress.
As for the untrusted user account scenario, two moderate security issues were fixed that may have permitted a Contributor/Author level user to obtain escalated access to more of your site. This release fixes a problem where an Author-level user could view the contents of posts that should not have been available for them to see. These included drafts and posts marked private.
Plugin security has been enhanced by code changes to properly leverage the WordPress security API. Another fix added further defense against a vulnerability addressed in an earlier release.
Important!
If you're self-hosting WordPress on your own domain, it is important that you upgrade your WordPress as soon as possible. I ran the automatic update via my “Dashboard” on one of my sites and was finished in a couple of minutes. However, remember that we recommend using a manual upgrade process and uploading the latest code to your site with SFTP.
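As an added example (not part of the original post and not WordPress's own code), this shell check reports which installs under a web root are still older than 3.0.5. It assumes core records its version as `$wp_version` in `wp-includes/version.php`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the 3.0.5 security release.
# Assumption: version is stored as  $wp_version = '3.0.4';  in wp-includes/version.php
FIXED_VERSION="3.0.5"

# Print the version recorded in the install rooted at $1; fail if none is found.
wp_installed_version() {
    file="$1/wp-includes/version.php"
    [ -r "$file" ] || return 1
    ver=$(sed -n "s/^[[:space:]]*\$wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$file" | head -n 1)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Return 0 (true) when version $1 is older than version $2. Dotted components are
# compared numerically; a suffix such as "-RC1" is ignored, missing parts count as 0.
version_lt() {
    awk -v a="${1%%-*}" -v b="${2%%-*}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Walk the tree under $1 and print "path version STATUS" for every install found.
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while IFS= read -r vf; do
        root=${vf%/wp-includes/version.php}
        ver=$(wp_installed_version "$root") || { echo "$root unknown CHECK"; continue; }
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "$root $ver UPGRADE"
        else
            echo "$root $ver OK"
        fi
    done
}

# Usage: sh this-script.sh /path/to/webroot
if [ $# -gt 0 ]; then audit_wordpress "$1"; fi
```

Any line ending in `UPGRADE` is an install that predates the 3.0.5 fixes; `CHECK` means the version file was present but could not be parsed.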
Resources
- WordPress News: 3.0.5 Security Hardening Update
- WordPress Codex: Version 3.0.5
- Download WordPress 3.0.5
- WordPress Codex – Updating WordPress
- Why you should use SFTP for file transfers
Leave your feedback
Have you upgraded to WordPress 3.0.5?
Did you use the automatic upgrade or do it manually?
If you noticed any glitches in the upgrade or conflicts with any plugins, be sure to let us know. Leave your comment below.
Get Secure! Stay Secure!
Allen Dresser
Internet Tech Guy
www.internettechguy.com
http://twitter.com/internettechguy
Regina Smola says
Allen,
Thanks for letting us all know right away to upgrade to WordPress 3.0.5 and pointing out why it’s so important to update WP.
~ Regina Smola
The Gratitude Guru says
Thanks for the info! Gotta stay on top of things! I heard of someone getting links injected to their posts. Not sure how that happened!
Be safe out there! 😉
Paul.
Regina Smola says
I am working on fixing a hacked WordPress site for a client right now that had WP 3.0.4 and had script injected at the bottom of every post, page and attachment inside the database. Not fun.
Stay safe as well.
Thanks for your comment 🙂
The Gratitude Guru says
How does something like that happen? What can be done to prevent it? Thanks for everything!
Allen Dresser says
Paul – thanks for checking in! Your site is providing solid encouragement and the focus on gratitude is often overlooked in our “me first” culture. Let us know what questions you have.
Victoria Gazeley says
Thanks, Regina – love your site!
Regina Smola says
Hi Victoria,
Thanks for the kudos 🙂
Jeff says
Thanks for the email and heads up!
Regina Smola says
You’re welcome Jeff.
Blake Alexander Hammerton says
I just clicked to upgrade to 3.0.5 automatically and all of a sudden my page is gone, and “Briefly unavailable for scheduled maintenance. Check back in a minute” appears on my site.
I’m freaking out a little. It took me two solid weeks to build my site, and I’m going to lose my mind if it’s broken and needs to be rebuilt.
Anyone else have this issue? Did it actually come back a few minutes later?
@alexanderblake
Regina Smola says
Hi Blake,
Thanks for letting us know what happened. Your case is the first where upgrading 3.0.5 said briefly unavailable for scheduled maintenance. I’ll check to see if that’s a new built in feature.
I just checked your website and it’s back up for me. How’s it on your end?
~ Regina
Tony Folly says
Thanks for the update Regina
May I ask that your next blog post will be about – what files to be deleted (especially ones from older upgrades that were done manually)
That would be great 😀
Let me know if you are going to make a post like this
Thanks
Lilia Lee says
I have a site that I am trying to update to 3.0.5 through the automatic update.
When I click on the Update Automatically button, it takes me to the update page and it begins unzipping the file. Then it hangs there. I actually timed it to see how long it took. After 30 minutes, I moved back to the dashboard and there I got a message that the update failed. I have tried several times all with the same result. And, plugins will not update either.
Does anyone have any idea as to where I can look for the problem? I have upgraded other sites to 3.0.5 automatically with success (on other hosting companies). So, I suspect there is something amiss behind the scenes with my problem site. Have been looking for inklings as to where to look but have not had much success.
Thanks for any pointer you can provide.
Allen Dresser says
Lilia – some things to try. Is this a primary site? If so, be sure and run a backup and then try these steps. Deactivate all the plugins, try the update, if successful, go ahead and update all plugins BEFORE activating them. If all that still does not work, you will need to manually update.
To manually update, follow the steps at WordPress at the link below
http://codex.wordpress.org/Upgrading_WordPress_Extended
saç kaynak says
I updated to WordPress 3.05 and my preview pictures disappeared.