WordPress: Security Update 2.6.3 Released
Earlier this week, I asked if you were an early adopter with WordPress upgrades. Following on the heels of that inquiry is a WordPress security update, which brings WordPress up to version 2.6.3. If you are running 2.6 or higher, you can see the message about the upgrade on your dashboard.
A vulnerability has been found with the snoopy.php file, which is responsible for the RSS feeds on your dashboard. This is not a crucial issue but snoopy.php is used by a number of plugins so, as always, I recommend upgrading.
There is, however, good news for people who are already running 2.6.2. According to Joost de Valk, at yoast.com, only three files need to be updated if you are already running the most recent version. Replacing three files via ftp or your cpanel file manager is SO much easier than a full upgrade. The three files are:
- wp-includes/class-snoopy.php
- wp-includes/version.php
- wp-admin/includes/media.php
Joost also warns to make sure that you replace wp-admin/includes/media.php and not /includes/media.php
Of course, if you are running a version earlier than 2.6.2 you will need to do the full upgrade. As always, backup everything first.
I replaced the three files on this site this morning and everything is working fine. I have two more installations to upgrade as well as my testing server, which I will do later today.
Over at The Blog Herald, Chris Garrett asks if WordPress has too many upgrades too often. I know we’ve touched upon this issue in the early adopter article but what do you think? Are there too many upgrades? Are you glad that security issues are addressed immediately? Do you think upgrades / updates should be simplified? Feel free to answer here or over at The Blog Herald – quite a discussion has started there already.
photo credit: Brad & Sabrina
Related Posts:
October 24, 2008 at 11:36 am
YES there are too many upgrades and YES it should be simplified!!!
It’s exhausting.
Vered – MomGrind’s last blog post – Advertising Sucks
October 24, 2008 at 12:10 pm
I havent even upgraded to the new WordPress yet!
Carla’s last blog post – Its not too late to plan a green Halloween
October 24, 2008 at 3:15 pm
@Vered – It should be easier somehow. But, on the other hand, it is free.
@Carla – If you haven’t upgraded, you could just wait for 2.7 in a couple of weeks. Since I was already running 2.6.2, it was easy enough to copy over the three files.
October 25, 2008 at 4:44 am
I don’t mind how often Wordpress releases updates as long as they don’t force them on me like some programs. I can’t stand updating and try to avoid doing it as much as possible. It’s like I have to learn and get acclimated to an entirely new program every time I update.
Wesley’s last blog post – I wish I never had to sleep.
October 25, 2008 at 9:12 am
I personally don’t mind upgrading WordPress…because I have the automatic upgrade plugin. Works for me every time. I like to keep my stuff updated. Those messages drive me crazy.
Matthew Dryden’s last blog post – The Writer Touch
October 25, 2008 at 9:32 am
@Wesley You can use the auto-upgrade plugin or follow the instructions I wrote for manual upgrades.
http://www.kimwoodbridge.com/upgrading-wordpress-manually/
Sometimes upgrading is necessary for security reasons.
@Matthew – Hi! Thanks for visiting and commenting. Perhaps you liked my comment over at Writer Dad. It’s getting a little unpleasant in that thread.
It might not be the wisest thing to do, but there is a plugin that will turn off the upgrade message in the dashboard.
http://wordpress.org/extend/plugins/disable-wordpress-core-update/
October 25, 2008 at 2:21 pm
Thanks for the info about the three files to upgrade. That’ll make my job a lot easier!
I appreciate the upgrades, especially the security upgrades, however many there are. I don’t always upgrade right away, but I do when I’m sure everything’s stable. I’d rather upgrade frequently than have security vulnerabilities.
Mike Nichols’s last blog post – What is Mental Health? Living with Health, Wellness and Wholeness
October 25, 2008 at 3:54 pm
Hi Mike,
This time around it’s very easy for people already running 2.6.2. It took me about 10 minutes to do 4 sites.
I’ve never had a security problem with WordPress but have heard terrible stories – I can’t imagine going to my site and finding out that it was hacked.
October 25, 2008 at 9:01 pm
I’ve had about all the tweakin I can handle for awhile. I was trying to transfer hosts (child’s play) and was down for 5 days. I think I’ll wait a bit!
BloggerNewbie’s last blog post – You’ve Gotta Be Kidding Me!
October 25, 2008 at 11:22 pm
Hi – I guess I wouldn’t want to upgrade after all that either. :-)