Earlier this week, I asked if you were an early adopter with WordPress upgrades. Following on the heels of that inquiry is a WordPress security update, which brings WordPress up to version 2.6.3. If you are running 2.6 or higher, you can see the message about the upgrade on your dashboard.
A vulnerability has been found with the snoopy.php file, which is responsible for the RSS feeds on your dashboard. This is not a crucial issue but snoopy.php is used by a number of plugins so, as always, I recommend upgrading.
There is, however, good news for people who are already running 2.6.2. According to Joost de Valk, at yoast.com, only three files need to be updated if you are already running the most recent version. Replacing three files via ftp or your cpanel file manager is SO much easier than a full upgrade. The three files are:
Joost also warns to make sure that you replace wp-admin/includes/media.php and not /includes/media.php
Of course, if you are running a version earlier than 2.6.2 you will need to do the full upgrade. As always, backup everything first.
I replaced the three files on this site this morning and everything is working fine. I have two more installations to upgrade as well as my testing server, which I will do later today.
Over at The Blog Herald, Chris Garrett asks if WordPress has too many upgrades too often. I know we’ve touched upon this issue in the early adopter article but what do you think? Are there too many upgrades? Are you glad that security issues are addressed immediately? Do you think upgrades / updates should be simplified? Feel free to answer here or over at The Blog Herald – quite a discussion has started there already.
photo credit: Brad & Sabrina