On Monday February 7, 2011, WordPress has released an important update. Quoting from WordPress.org …
“WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions. This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening.”
WordPress 3.0.5 is for ALL previous versions of WordPress.
As far as the untrusted user account scenario, two moderate security issues were fixed that may have permitted a Contributor/Author level user to obtain escalated access to more of your site. This release fixes a problem where Author-level user could view contents of posts that should not have been available for them to see. These included drafts and posts marked private.
Plugin security has been enhanced by code changes to properly leverage the WordPress security API. Another fix added further defense against a vulnerability addressed in an earlier release.
If you're self-hosting WordPress on your own domain, it is important that you upgrade your WordPress as soon as possible. I ran the automatic update via my “Dashboard” one one of my sites and was finished in a couple of minutes. However, remember that we recommend using a manual upgrade process and upload the latest code to your site with sftp.
- WordPress News: 3.0.5 Security Hardening Update
- WordPress Codex: Version 3.0.5
- Download WordPress 3.0.5
- WordPress Codex – Updating WordPress
- Why you should use SFTP for file transfers
Leave your feedback
Have you upgraded to WordPress 3.0.5?
Did you use the automatic upgrade or do it manually?
If you noticed any glitches in the upgrade or conflicts with any plugins be sure to let us know. Leave your comment below.
Get Secure! Stay Secure!