WordPress 2.8.5 Security Update is out!

WordPress.org has released their latest security update. WordPress 2.8.5 is out now!wordpress

Over the past few months WordPress.org has worked hard towards securing their popular blogging platform. In the process they managed to close some serious security loopholes in WordPress 2.8.4. Now they have released another security update to their popular blogging platform in the form of WordPress 2.8.5.

They have identified a number of security hardening changes which they say were back-porting to 2.8 branch and they are suggesting that all bloggers and websites using wordpress 2.8.4 must now upgrade to wordpress 2.8.5 and make all your sites as secure as possible.

The important changes in this release are:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

Also Peter at WordPress.org made a wise suggestion at the release:

He suggests If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner.

WordPress Exploit Scanner is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.  You can download this plugin here – “WordPress Exploit Scanner”

We suggest that everyone ugprades to the latest version; WordPress 2.8.5 to ensure you have the best protection available for your blog.

Read more about the latest WordPress security release and download wordpress 2.8.5, click here!

[Source: WordPress.org]

This post was published by on October 22, 2009

About the Author: Thilak Rao works as a Social Media Expert. He is one of the first professional bloggers from India, and he loves to write, travel and click photos. Follow him on Twitter @thilak

  • http://www.shoutmeloud.com/ Harsh Agrawal

    Saw this update Yesterday and the first thing which I did
    was Backup my Db and updated the wordpress. Though wordpress are releasing very quick update.. :|

  • himansh

    This is a nice release from WordPress. DDOS attack via trackback relief is nice.I
    am eagerly waiting for the new version WordPress 2.9. It will be interesting to see
    what will come out from the WordPress box to its users.

  • http://meghan.in/ Meghan Naik

    Glad to know that you upgraded! My guess is that there will be another security update before 2.9. They seem to working hard on fixing loopholes in WordPress.

  • http://meghan.in/ Meghan Naik

    DDOS attacks are a pain to handle. I'm looking forward to 2.9 but i'm sure there will be more minor upgrades before 2.9.

  • http://meghan.in/ Meghan Naik

    Glad to know that you upgraded! My guess is that there will be another security update before 2.9. They seem to working hard on fixing loopholes in WordPress.

  • http://meghan.in/ Meghan Naik

    DDOS attacks are a pain to handle. I'm looking forward to 2.9 but i'm sure there will be more minor upgrades before 2.9.