WordPress version 3.1.3 has been released to the public as of May 25, 2011.
This is an important security update that helps protect your WordPress blog. The release includes security fixes and enhancements, including new “clickjacking” protection.
We recommend you upgrade to WordPress version 3.1.3 ASAP.
WordPress version 3.1.3 includes the following security fixes and enhancements:
- Various security hardening by Alexander Concha.
- Taxonomy query hardening by John Lamansky.
- Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
- Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
- Improves file upload security on hosts with dangerous security settings.
- Cleans up old WordPress import files if the import does not finish.
- Introduce “clickjacking” protection in modern browsers on admin and login pages.
I found a great article by Lucian Constantin explaining these new security fixes. He goes into great detail on the new “clickjacking” protection feature and more. Be sure to check it out here.
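As an added example (not from the original post, the linked article, or WordPress itself), here is a small Python check that an upgraded site's admin and login pages actually advertise framing protection. It assumes the protection is delivered as an `X-Frame-Options: SAMEORIGIN` response header, which the post does not spell out; the sample responses are constructed and the function names are illustrative.

```python
# Added example: audit captured HTTP responses for framing protection.
# Assumption: the protection is sent as an X-Frame-Options response header.

PROTECTIVE = {"DENY", "SAMEORIGIN"}

def frame_options(raw_response):
    """Return every X-Frame-Options value in the header block, upper-cased."""
    values = []
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line: headers end, body starts
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # duplicate headers are often merged into one comma-joined value
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values

def audit(raw_response):
    """Classify a response as 'protected', 'missing', 'invalid' or 'conflicting'."""
    values = frame_options(raw_response)
    if not values:
        return "missing"       # page can be framed by any site
    if any(v not in PROTECTIVE for v in values):
        return "invalid"       # unrecognised value, so no reliable protection
    if len(set(values)) > 1:
        return "conflicting"   # handling is browser-dependent, flag for cleanup
    return "protected"

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "upgraded login page":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-Frame-Options: SAMEORIGIN\r\n\r\n<html>",
    "login page without the header":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "X-Frame-Options: DENY\r\n",             # body text, must not count
    "proxy added a second value":
        "HTTP/1.1 200 OK\r\nx-frame-options: SAMEORIGIN, DENY\r\n\r\n",
    "misspelled value":
        "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label}: {audit(response)}")
```

To use it against a live site, feed it the header output saved from a request to the login or admin page instead of the constructed samples.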
Files Revised in WordPress 3.1.3:
- readme.html
- wp-admin/admin-ajax.php
- wp-admin/custom-background.php
- wp-admin/custom-header.php
- wp-admin/includes/class-wp-plugins-list-table.php
- wp-admin/includes/import.php
- wp-admin/includes/media.php
- wp-admin/includes/post.php
- wp-admin/includes/template.php
- wp-admin/includes/update-core.php
- wp-admin/ms-delete-site.php
- wp-admin/plugins.php
- wp-admin/press-this.php
- wp-app.php
- wp-includes/canonical.php
- wp-includes/class-oembed.php
- wp-includes/default-filters.php
- wp-includes/formatting.php
- wp-includes/functions.php
- wp-includes/meta.php
- wp-includes/post.php
- wp-includes/query.php
- wp-includes/taxonomy.php
- wp-includes/theme.php
- wp-includes/version.php
- wp-login.php
In other news, the WordPress developers report that they are on schedule for WordPress 3.2. They have just released WordPress 3.2 Beta 2 for testing purposes. It is not recommended that you use it on production sites.
Important!
As we get ready for the new release of WordPress 3.2, it's a good time to make sure that your site is currently running on a minimum of PHP 5.2 and MySQL 5.0.15 or higher. Once WordPress 3.2 is released, PHP 4 and MySQL 4 will not be supported by WordPress, and you will not be able to upgrade to the newest version. Not sure if your website meets these requirements? You can check easily by installing the Health Check plugin. More information here.
WordPress & Security Resources:
- WordPress News: 3.1.3 Security Hardening Update
- WordPress Codex: Version 3.1.3
- WordPress Trac: 3.1.3 Change Log
- Download WordPress 3.1.3
- WordPress Codex – Updating WordPress
- Upgrading WordPress Extended
- Download WordPress 3.2 Beta 2
Important!
If you're self-hosting WordPress on your own domain, you need to protect it by upgrading to WordPress 3.1.3 as soon as possible.
Leave your feedback
Have you upgraded to WordPress 3.1.3? Did you upgrade WordPress automatically through the Dashboard or manually? Do you have any WordPress plugin issues with WP version 3.1.3? If you noticed any glitches in the upgrade or conflicts with any plugins be sure to let us know. Leave your comment below.
Securely yours,
Regina Smola
WordPress Security Expert
Lon Naylor says
BackupBuddy first…
Automatic upgrade without a hitch.
Thanks Regina!
sandy says
Thanks for the heads up Regina. This is the first I’ve heard of this and I have a busy day ahead of me upgrading my blogs.
Joe Torculas says
This is a great site, I just ran into a problem with my meta log in. After logging in I see the WordPress back office tabs and when I try to access my dashboard nothing appears. I have to log out of everything so I can access it.
This started yesterday and is becoming a very annoying problem any ideas why this is happening??
Thanks,
Joe Torculas
Regina Smola says
Hi Joe,
When you did your update it may have missed a file or it had an issue during the update and part of a file got messed up. I would upload each folder manually via FTP (wp-admin, wp-content, wp-includes) and then the other files that come with WordPress 3.1.3.
Hope that helps.
Joe Torculas says
How do you enter your picture in comment blogs, I can’t seem to find it on my WordPress back office??
Thanks
Joe
Regina Smola says
Hi Joe,
You just go to http://gravatar.com, create an account and then you can add your image to your email address you use on the web.
~ Regina
Ruth Martin says
Hi Regina,
My updates went well and I have not noticed any problems so far. I did the automatic update. I also want to add that I have recently added the limited log-ins plugin to my sites, and wow, do I like it! My one site, for whatever reason, gets hit almost every day with people trying to guess my password. So I change it every so often and make sure it is not an easy one to guess. I get emails every time someone gets locked out. After I had so many, I set the settings really high, so that with more than 2 attempts they would get locked out for at least 2 days. That will discourage the same ones from trying so often!
I will have to check into the PHP status of my site….
Regina Smola says
Hi Ruth,
Thanks for your comment. Glad to hear it went smoothly for you. Great that you’re using the limited logins plugin. I use Login Lockdown on mine and it has really made a difference.
Another one I use is http://wordpress.org/extend/plugins/search.php?q=lockdown-wp-admin. Works great.
Ian Lewis says
I appreciate the need to security harden web products but some more testing before release would be great instead of getting us users to do it.
Since upgrading to 3.1.3 I have been continually having errors running plugins which use AJAX, Cache plugins and the entire plugin system itself is apt to fall to its knees.
The famous WP White screen of death isn’t great and to me suggests segfaulting or insufficient error reporting.
Grrr… rant over for now,
Ian
Panama corporation says
How to Upgrade your WordPress Blog in a Minute via SSH... Having to upgrade your WordPress install every time a new version is released is necessary but also very boring. If you have SSH access to your server, here's a very quick way to upgrade your WordPress install. This is probably the most important step of this whole tutorial: always back up your WP database and files.
Jean says
Thanks for sharing this.
I upgraded from Wp-Admin and everything worked perfectly. 🙂
Regina Smola says
Don’t ya just love when that auto upgrade works 🙂