WordPress 2.8.6 Security Release : For People Who Have Untrusted Authors
Recently (November 12), WordPress released another update, 2.8.6! This is a security update that fixes several security issues detected while testing the system. It's very important for us to apply these security updates; as I see it, if you have a website, the first thing you must ensure is its security, because the net is a very insecure place! Before updating, let's see what they have fixed!
As they say, the first problem is an XSS vulnerability, also known as cross-site scripting. This kind of flaw is found in web applications and enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. (Info from Wikipedia)
The second is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. It was discovered by Dawid Golunski.
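To make the file-name issue concrete, here is an added example (not WordPress's own code and not part of the original post) of neutralising inner extensions in an uploaded file name and auditing an existing uploads listing. It assumes the Apache configurations in question are those where a handler can match any extension in a file name rather than only the last one; the allow-list, function names and sample names are constructed for illustration.

```python
import re

# Assumption: extensions this site accepts for uploads (constructed allow-list).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "zip", "tar", "gz"}

# A dot-separated part "looks like" an extension if it is 2-5 letters,
# optionally followed by one digit (e.g. "php", "phtml", "php5").
EXTENSION_LIKE = re.compile(r"^[A-Za-z]{2,5}\d?$")


def neutralise_inner_extensions(filename: str) -> str:
    """Return a name in which only allow-listed inner extensions stay intact.

    The final extension is assumed to be validated separately against the
    upload allow-list; this function only deals with the parts before it.
    """
    # Keep the last path component only, then drop unexpected characters.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r"[^A-Za-z0-9._-]", "", name).strip(".")

    parts = name.split(".")
    if len(parts) <= 2:
        return name  # no inner extension to worry about

    safe = [parts[0]]
    for part in parts[1:-1]:
        if EXTENSION_LIKE.match(part) and part.lower() not in ALLOWED_EXTENSIONS:
            # A trailing underscore stops the server from matching this
            # part against a configured handler or MIME mapping.
            part += "_"
        safe.append(part)
    safe.append(parts[-1])
    return ".".join(safe)


def audit_uploads(names):
    """Return the names in an uploads listing that the sanitizer would change."""
    return [n for n in names if neutralise_inner_extensions(n) != n]


if __name__ == "__main__":
    # Constructed sample listing of an uploads directory.
    listing = ["photo.jpg", "report.php.jpg", "backup.tar.gz"]
    for flagged in audit_uploads(listing):
        print(flagged, "->", neutralise_inner_extensions(flagged))
```

Running `audit_uploads` over the uploads directory of a site that was on an older version shows which existing files deserve a closer look after the upgrade.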
Now what do we have to do?
What we have to do is back up our WordPress system and apply this update to save our skins! Let's see how to do it:
- First, back up your system (via FTP or cPanel, or with a plugin such as WP-DBManager, WordPress Backup or WordPress EZ Backup; don't use all of them!)
- When you're ready, log in to your WordPress dashboard
- Go to Tools > Upgrade and do an automatic backup.
Congrats! If you follow the above steps, you're now secured! But that doesn't mean that you're completely secured… remember what I said, the net is a very insecure place! So from here on, make sure that your WordPress system is up to date!
Author: Pubudu Kodikara (254 Articles)
Pubudu Kodikara is a writer at Tech Hamlet (www.techhamlet.com), a state-of-the-art tech blog powered by the Earth Organization, whose main goal is educating people about the latest technology. They post the latest tech news, tips on how to resolve problems, tricks and hacks to improve what you do, tutorials to learn new things and much more.










This update was really unexpected. Though this update seems to be only for those who have multi-author blogs, or is it for everyone?
Especially for multiuser blogs… but it's better if everyone can put this update! :D