In an effort to keep your WordPress installations as secure as possible, WordPress 2.8.5 is released which closes up some security gaps and helps your installation become more secure.
The primary fixes for version 2.8.5 of WordPress include:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
The company recommends all WordPress users to upgrade to 2.8.5 as soon as possible to minimize your security risks, they also have listed a link to the WordPress Exploit Scanner to use and scan your website to see if your site may have been compromised and there are any possible “risky” files or intrusions.
One note the WP-Exploit Scanner tries to allocate 256MB by default and this can cause a crash on some web hosting providers where you are on a shared hosting plan with a Memory limit. You can edit the plug-in php and turn down or up the amount of memory you want the scanner to use by adjusting this line:
define( ‘WP_MEMORY_LIMIT’, ’256M’ );
I have upgraded all 7 of my managed blogs to WordPress 2.8.5 this morning and have not seen any issues, I didn’t do the automatic upgrade though and did the manual install (is faster when you run so many blogs).
-Dragon Blogger
Related posts:
- WordPress 2.8.6 Released: Upgrade Now The latest fix Wordpress 2.8.6 addresses vulnerabilities with sites who have multiple authors and uploads that can be exploited to...
- WordPress 2.8.4 Security Update Yesterday I updated all 7 of my blogs to WordPress 2.8.4 to address the security fix that was mentioned below...
- Dealing with a Hacked WordPress Blog Wordpress php files can become hacked and your blog can be compromised, look for aWYoZnVu string in your .php files...
- Upgrade to WordPress 2.9.2 Upgrading to Wordpress 2.9.2 will close the security hole where contributors can see posts in your trashcan even if they...
- Find System Statistics with WP Security Scan Wordpress plugin WP Security Scan can tell you some great information about your system settings for your blog, like memory...
| via FaceBook, Twitter, RSS or Email | ![]() |
Enter your email and subscribe now!
Tags: blogging news, blogging tips, blogging with wordpress, keeping wordpress current, upgrade wordpress, upgrading wordpress, using latest wordpress, wordpress 2.8.5, wordpress news, wordpress security, wordpress security tips, wordpress.org










October 21st, 2009 at 8:12 am
Oh Geez, not again! I’m always afraid I’m going to delete my blog when I upgrade.
Oh well, I suppose I should quit bitching and be appreciative that WordPress stays on top of these things (and you too!). Off to upgrade…
Heather Kephart´s last blog ..Fuzzmail sheds light on what is hidden
[Reply]
October 21st, 2009 at 8:15 am
This upgrade was pretty painless, but always back up your wordpress first
[Reply]
October 22nd, 2009 at 3:43 am
Coincidentally I just upgraded my blog to 2.8.5. Frankly I’m not sure if its a good idea for wordpress to be coming out with so many new updates frequently. But with the automatic upgrade its typically painless, so I cant complain much

matblogger´s last blog ..So how do you get an iTunes account if you are in Malaysia?
[Reply]
October 22nd, 2009 at 6:13 am
They are security fixes and a necessity, these versions aren’t just for the same of adding features. Consider them like you would Windows OS patches, they are needed.
[Reply]
October 22nd, 2009 at 4:26 am
Saw this update Yesterday and the first thing which I did
was Backup my Db and updated the wordpress. Though wordpress are releasing very quick update..
[Reply]
October 22nd, 2009 at 3:29 pm
This fix is to plug a possible security issue and i dont care how often they release such updates. The patch is simple and quick to install and i cannot believe WordPress is still free. Its awesome.
festivalplanet´s last blog ..Auckland gets new music festival
[Reply]