Upgrading to WordPress 2.8.5

21 October, 2009 - 06:36 AM - 6 Comments

In an effort to keep your WordPress installations as secure as possible, WordPress 2.8.5 is released which closes up some security gaps and helps your installation become more secure.

The primary fixes for version 2.8.5 of WordPress include:

* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.

The company recommends all WordPress users to upgrade to 2.8.5 as soon as possible to minimize your security risks, they also have listed a link to the WordPress Exploit Scanner to use and scan your website to see if your site may have been compromised and there are any possible “risky” files or intrusions.

One note the WP-Exploit Scanner tries to allocate 256MB by default and this can cause a crash on some web hosting providers where you are on a shared hosting plan with a Memory limit. You can edit the plug-in php and turn down or up the amount of memory you want the scanner to use by adjusting this line:
define( ‘WP_MEMORY_LIMIT’, ’256M’ );

I have upgraded all 7 of my managed blogs to WordPress 2.8.5 this morning and have not seen any issues, I didn’t do the automatic upgrade though and did the manual install (is faster when you run so many blogs).

-Dragon Blogger

Upgrading To WordPress 2.8 I found some noticeable new features right away with WordPress 2.8, including the editor which contains numbered lines now in...
WordPress 2.9.1 Released: Fixes Pings and Scheduled Posts Wordpress 2.9.1 was released and fixes the issues with pingbacks and scheduled posting that showed up with Wordpress 2.9, upgrade...
WordPress 2.8.6 Released: Upgrade Now The latest fix Wordpress 2.8.6 addresses vulnerabilities with sites who have multiple authors and uploads that can be exploited to...
WordPress 3.0.2 Mandatory Security Fix Wordpress 3.0.2 is released and has a mandatory security fix that is essential for multi author blogs who have writers...
Upgrade to WordPress 2.9.2 Upgrading to Wordpress 2.9.2 will close the security hole where contributors can see posts in your trashcan even if they...

Written by Justin Germino (1518 Articles Published)

Working in the IT Industry for over 10 years and specializing in web based technologies. Dragon Blogger has unique insights and opinions to how the internet and web technology works. An Avid movie fan, video game fan and fan of trying anything and everything new.

Follow Justin Germino on Twitter @dragonblogger

festivalplanet

This fix is to plug a possible security issue and i dont care how often they release such updates. The patch is simple and quick to install and i cannot believe Wordpress is still free. Its awesome.
.-= festivalplanet´s last blog ..Auckland gets new music festival =-.

share flag

spam
offensive
disagree
off topic

Harsh Agrawal

Saw this update Yesterday and the first thing which I did
was Backup my Db and updated the wordpress. Though wordpress are releasing very quick update.. :|

matblogger

Coincidentally I just upgraded my blog to 2.8.5. Frankly I'm not sure if its a good idea for wordpress to be coming out with so many new updates frequently. But with the automatic upgrade its typically painless, so I cant complain much :)
.-= matblogger´s last blog ..So how do you get an iTunes account if you are in Malaysia? =-.

dragonblogger

They are security fixes and a necessity, these versions aren't just for the same of adding features. Consider them like you would Windows OS patches, they are needed.

Heather Kephart

Oh Geez, not again! I'm always afraid I'm going to delete my blog when I upgrade.
Oh well, I suppose I should quit bitching and be appreciative that Wordpress stays on top of these things (and you too!). Off to upgrade...
.-= Heather Kephart´s last blog ..Fuzzmail sheds light on what is hidden =-.