Two days ago I wrote about the upcoming features in WordPress 3.1. And then, bam, a required security update, version 3.0.2, has been released. It’s been awhile since we’ve seen one of these (anyone remember the 2.8 series) and I do recommend updating WordPress to address this security issue.
The big issue being fixed is the following:
Fix moderate security issue where a malicious Author-level user could gain further access to the site.
To me, that sounds like if there is only one author on the site – you – then this is a non-issue. But, many installations do have multiple authors and the update does fix other bugs and adds additional security.
If you want to read about all the bug fixes and other items included with the security release, you can do so at the WordPress Codex.
As always, backup your site before upgrading. If you would like assistance, please contact me.
photo credit: jurvetson
Hi Kim,
The first and best thing that has been fixed in this version WP 3.0.2 was a bug that made it possible for users with editor status to access the entire sajten.Det security hole is now blocked.
Hi Marbella – Yeah – that is not a good bug :-)
Another yay for me, having all guests email me their posts. ;-)
Hi Dennis – That does sound like fun :-)
Well, it’s not that I don’t trust anyone…..
I am not sure if it was just me but I installed this update on three test blogs and when the upgrade was complete I was unable to access the main page, the admin page or even the FTP.
I contacted my host’s support and they said those three servers had somehow had their permissions changed. Didn’t happen to any of my others that did not receive the upgrade. :/
Hi Dean,
I haven’t had any trouble with the ones that I’ve done. Often when the site is unavailable it’s due to an issue with a plugin. Since all sites were on the same host I would question if it were related to an issue with them …
Thanks for the heads up, Kim. You’re my go-to when it comes to wordpress updates. :-) There’s just too many things to keep up, and there have been cases like Dean that makes me wonder whether or not to upgrade after all. But eventually, it’s something we all should do. You bet a backup is needed, just in case. Really hope no ‘big’ issues after the upgrade, finger cross.
@wchingya
Social/Blogging Tracker
Hi Ching – As long as you have the backup any problem encountered can be corrected. I’ve found that disabling plugins before upgrading can help stop this type of problem from happening.
I haven’t run into any issues with the updates that I’ve done.
I used to find all the updates annoying but now that it can all be done automatically, at the click of the mouse it’s not that much of a hassle.
I must admit though that I don’t always do a backup before updating. I must get out of that bad habit.
Hi Sire – Ack! Please don’t tell me that you don’t backup ;-) I’m such a stickler about it …
I honestly don’t Kim, I’m just that slack, and it’s so easy to do as I’ve even got the plugin installed so all it takes is a few clicks.
Maybe it’s because that very same plugin sends me daily backups, but even so it’s always a good idea just to be sure.
Hi Sire – Oh, if you have daily backups then you are backing up ;-)
Well, that’s OK then. Now I don’t feel so bad. Damn why the realization of that didn’t come to me sooner, I had to wait for some shiela to point it out to me. :D