A new version of WordPress has been released just a few hours ago by the WordPress team. The update is considered critical and fixes a security vulnerability and some minor bugs. The security flaw was found in the implementation of the XML-RPC which would allow any registered user to edit comments of other users using a specially crafted request.
Webmasters have two choices on how to secure and update their blog. The first is to use the official update process described on the WordPress homepage which involves downloading the full distribution and replace the old files with it. A faster way which webmasters with a lot of blogs will probably prefer is to replace the xmlrpc.php with the updated one which will fix the security vulnerability but leave the minor bugs in place.
That’s probably the better solution if you never encountered them. The bugs will automatically be fixed with the next big release of WordPress. Just make sure you update at least the security vulnerability in xmlrpc.php.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.
Related Articles:
WordPress 2.8.2 Security PatchWordPress 3.03 Security Update Released
WordPress 2.6.5 Security Update
WordPress 2.8.6 Security Update
WordPress 3.0.4 Released, Fixes Critical Security Vulnerability
The security flaw is described as “a specially crafted request would allow any valid user to edit posts of any other user on that blog.” What if you only have one user registered for a blog? Is it still a major security concern?