WordPress Portable is a free program for Windows that automatically ships with everything needed to run WordPress locally. All you need to do is to extract the package contents on your system after download and start the WordPress Portable executable afterwards.

The blog is available from that moment on and you can do all the things that you can do on a self-hosted WordPress blog as well.

Just open http://localhost/wordpress/ in your web browser to open the local WordPress installation. Click on log in and enter admin as the username and password to open the administrative interface of the blog.

First thing you may want to do is to upgrade the blog to the latest version. You should see a notification at the top of the admin interface on first run. The update takes considerably longer than it would on a remotely hosted website.

Once done you can start to install new themes and plugins, modify settings, and to start writing your first posts. You basically can do everything that you can do on a self-hosted WordPress installation.

The local installation can be used for several purposes. This includes local theme and plugin development and testing, testing new WordPress versions before you upgrade your live blogs on the Internet, or to showcase blogs to clients or friends. Another option is to use the local WordPress blog to store your own personal writings, a diary for instance or important information that you need to write down or want to collect.

WordPress Portable ships with Apache, PHP and MySQL included, which means that you do not have to install those technologies prior to installing the blog. New users benefit from the simplicity of the solution, while advanced users may like the ability to put the package on a portable drive or stick, or to use it to quickly run tests locally.

The project lacks documentation which can be a issue for some users. It is for instance not clear if and how Apache, MySQL and PHP can be updated to newer versions, or if it is possible to import the database of an existing blog (the later may be possible with the help of plugins).

WordPress Portable is only available for the Microsoft Windows operating system. Interested users can download the latest version of the package, weighting in at about 10 Megabytes, from the developer website.

The What’s New page at the WordPress Codex highlights the – many – changes of the new version. WordPress admins will instantly notice several changes to the applications admin interface. A new toolbar is displayed on top of the dashboard that combines the features of the admin bar and the admin header.

The new bar links directly to plugin and theme updates, comments awaiting moderation and the New menu with options to create new content on the blog. (There is a function to remove some of the elements that are shown in the admin bar. Credits to Sergej Müller)

Another change are “fly-out” menus in the admin interface. All submenus of a menu are displayed when you hoover the mouse over the menu. This saves a click and improves the admin’s workflow.

WordPress editors will notice a new file uploader. The developers have done away with the four upload buttons for specific type of media, and replaced it with a single button. The new uploader supports drag and drop operations and file browsing to select files to upload. Support for rar and 7z files have been added to the file uploader.

WordPress admins who switch between themes regularly will notice that widgets are not lost anymore when they do that.

A video has been created that highlights several of the new features.

The WordPress backend has been updated as well with hundreds of bug fixes and performance improvements. It is to early to tell if the improvements will have a significant impact on the blog’s server resource usage or loading times.

Have you updated your blog to WordPress 3.3 yet? If so, what do you think of the new version?

The WordPress developers suggest to update immediately, especially if users can register as contributors on the blog. WordPress 3.1.2 fixes several non-security related issues which you can see a list of at the issue tracker over at the WordPress website.

Nothing to spectacular fixed though, take a look below for the list.

• It’s tricky to drag metaboxes
• Apostrophe in first/last/nickname causes JS error on user profile page
• Missing closing </fieldset> in user-edit.php for “show admin bar”
• Multiple tag queries broken
• WP_User_Query ordered by post_count doesn’t work if prefix is not wp_
• WordPress 3.1.1 breaks date archive filtering by tag or category
• Walker_PageDropdown doesn’t filter titles correctly
• Too much escaping for pages when using Quick Edit

WordPress administrators can update their blogs either directly from the WordPress Dashboard with a click on the Update Automatically button, or by downloading the new release from the official WordPress website, uploading the files manually to the server and running the upgrade script afterwards.

I have just updated more than a dozen WordPress blog to version 3.1.2 and the automatic update worked without difficulties in every instance. WordPress admins should not encounter any page display problems on the frontend or backend after applying the update.

The update is not a security update which means that there is no rush to install it directly.

Among the new features is the option to link to existing content easier. This is done via the standard link button in the WordPress writing panel and the selection of “Or link to existing content”.

It is possible to search for related content or select one of the most recent items. The writing interface has been overhauled. The developers have many interface elements that were shown by default of the screen which should be beneficial to new users. All writing elements can be added again via the Screen Options at the top of the page.

Another addition is the new admin bar that is displayed to WordPress administrators when they navigate the WordPress frontend. The bar is actually not displayed on all of my blogs right now. I’m not sure why that is the case (likely because of CSS minifying or merging) but there is thankfully a way to disable the admin bar.

Open Users > Your Profile and locate Show Admin Bar near the top.  Remove the checkmark from “when viewing site” to disable it.

Other noteworthy features are:

• post formats, meta information used by themes
• network admin, moves the Super Admin menu out of the regular admin interface
• list-type admin screens, now sortable by column, better pagination
• exporter / importer, was overhauled.
• advanced queries, again something for developers
• custom content type improvements, again developer related
• refreshed blue admin color scheme

Interested users can visit the WordPress Codec for an in depth overview of all the features that have been added, improved or changed in the recent release.

WordPress administrators can upgrade their blog to WordPress 3.1 either directly from within the admin interface or by downloading WordPress 3.1 from the official website and installing the new version manually.

It is recommended to backup the blog before performing the update to be able to restore to a previous version in case something goes wrong during the update.

The official release notes mention that a moderate security issues have been fixed where “a malicious Author-level user could gain further access to the site”. In addition to that bugs have been fixed and security hardening added to the blog.

Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)
Fix canonical redirection for permalinks containing %category% with nested categories and paging. (#13471)
Fix occasional irrelevant error messages on plugin activation. (#15062)
Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
Clarify the license in the readme (r15534)
Multisite: Fix the delete_user meta capability (r15562)
Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins (#15122)
Multisite: Fix ms-files.php content type headers when requesting a URL with a query string (#14450)
Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs (#14536)

The WordPress devs recommend to update the blog immediately even if no additional authors are registered on a blog.

I have updated around 20 WordPress blogs by now and there were no plugin incompatibilities or other issues related to the update.

At the moment, notifications are shown to Live Spaves blog owners informing them about the upgrade possibilities.

Users have the option to upgrade right away, download the blog to the PC, delete their space or be redirected to their space if they do not want to make a decision at that moment.

The blog post surprisingly does not mention a timeframe for the migration. The notification after login however mentions that the clock is ticking which seems to suggest that Microsoft will eventually make the decision for the user.

Live Spaces users who opt to migrate to WordPress need to complete the following steps to do so:

Step 1: Connect

In this first step the Live Spaces users is asked to either log into an existing WordPress account, or click on the Connect button to log into Windows Live and connect the account with WordPress.com

Step 2: Creating a WordPress account.

In this step the user account gets setup if no previous WordPress.com user account exists.

Step 3: Creating the WordPress blog

Here it is possible to select a destination for the Live Spaces blog. Options are to create a new blog, or to select an existing blog.

current user new blog

Step 4: Migration

The whole process is explained in detail at the WordPress site, and I suggest existing Live Spaces users visit that page prior to migrating their blog to WordPress.

Microsoft is also offering support at the official Spaces Forum, which appears to be filled with migration related problems at the moment. Some users apparently are reporting missing contents after the migration, or problems during the migration. It probably may be a good idea to wait some additional time before starting the migration, considering that a large amount of users will migrate right away once their see the notification in Live Spaces.

Some questions are left unanswered at this point, for instance:

• Is there a deadline for the migration. And if there is, what happens to Live Spaces blog that are not migrated by that time?
• Are the blog posts 301 redirected to the wordpress.com website?
• Are there backups in case the migration fails?
• Why is Microsoft shutting down the service?

Windows Live customers who want to get started with their own blog, are from yesterday on redirected to WordPress.com as well to complete a similar series of steps to create a blog at the blogging provider. Windows Live Writer will also start using WordPress as the default blogging solution once the new version of Windows Live Essentials 2011 is released by Microsoft.

Are you a Windows Live Spaces user? What’s your opinion on the move?

The Spaces migration to WordPress.com will be automated and easy, ensuring the movement of blog content, integrated media, comments and links is simple. 8.5% of all web sites on the internet are now powered by WordPress, which represents over 26 million publishers who use WordPress to power their blogs and web sites. About half of those sites – 13 million – are hosted by us on WordPress where they attract one of the largest audiences on the internet: of over a quarter billion people every  month.

Windows Live Spaces will be formally closed next March and users who do not want to be moved to WordPress will be given the option to download their blog in HTML form or simply delete it.

Windows Live Spaces is, like I said, one of the least used blogging platforms primarily because of its simplicity and a lack of good customisation options.  As a compliment to the other Windows Live services it worked well, but was never as popular as it could or perhaps should have been given Microsoft’s huge user base.

The move comes as Microsoft streamlines the Live services and introduce new ones to stand alongside the existing main applications and services such as messenger, which has been around in one for or another now for twenty years.

WordPress 3.01 has been released a few minutes ago. The update is maintenance related, according to the blog post over at the official WordPress website. The new version fixes 50 minor issues in the blogging platform. The only – somewhat – security / privacy related issue that was fixed was a bug that allowed logged in users to view trashed articles of other users.

WordPress admins who are interested in the bugs that have been fixed in the release can take a look at Buqtraq which lists them all.

Everyone else can download the new version from the official website, or update the WordPress blog automatically from the admin dashboard. Updating the blog should be fast and smooth, considering the nature of the update. It is still advised to create a backup of the blog’s files and database before pressing the update button or starting the manual updating process.

Ghacks has been just updated, all my other blogs have to wait until the morning. Good night everyone.

WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download (or upgrade within your dashboard). Major new features in this release include a sexy new default theme called Twenty Ten. Theme developers have new APIs that allow them to easily implement custom backgrounds, headers, shortlinks, menus (no more file editing), post types, and taxonomies. (Twenty Ten theme shows all of that off.) Developers and network admins will appreciate the long-awaited merge of MU and WordPress, creating the new multi-site functionality which makes it possible to run one blog or ten million from the same installation. As a user, you will love the new lighter interface, the contextual help on every screen, the 1,217 bug fixes and feature enhancements, bulk updates so you can upgrade 15 plugins at once with a single click, and blah blah blah just watch the video. [via]

WordPress webmasters can now setup additional blogs easily from their admin interface. Multi-user blogs are disabled by default and need to be enabled by setting WP_ALLOW_MULTISITE to true in wp-config before the option becomes available under Tools > Network in the admin interface.

The following parameter needs to be added to wp-config:

define('WP_ALLOW_MULTISITE', true);

Another helpful feature is the ability to update plugins and themes in bulk which was previously not possible. WordPress will automatically switch the blog to maintenance mode for the updating period.

upgrade plugins

The majority of changes have been made to the appearance and development backend of the blogging software.

Interested users can take a look at the WordPress Codex for an overview of the changes in the release. Updates are available directly from the admin interface of a WordPress installation or by downloading WordPress 3.0 from the official website and upgrading the blog manually.

upgrade wordpress

The update should not cause troubles for the majority of WordPress sites out there. Only plugin incompatibilities could result in problems, it is recommended to backup the blog before installing and to verify that the installed plugins are compatible with the new WordPress 3.0.

WordPress administrators can improve the security of their blog with several standard practices like selecting a secure password, changing the admin username or disabling features in the blog (like preventing registration or remote publishing).

But there are also WordPress plugins that can increase the blog’s security tremendously. The following list contains five WordPress plugins that improve a blog’s security.

1. Login Lockdown

Login Lockdown increases the protection against so called brute force attacks. The plugin will log every login attempt and blog attempts from IP addresses that. The login retries, the retry time interval and the length of the lock out can be configured in the plugins’ options.

The list of blocked IP addresses can also provide the webmaster with information about undergoing attacks.

2. WP Security Scan

WP Security Scan scans several key elements of the blog. The plugin checks the WordPress version, table prefix, if the WordPress version is hidden, if DB errors are turned off, if the ID Meta tag has been removed, if a user admin exists and if a .htaccess file has been placed in wp-admin for extra security.

It can furthermore scan the file permissions of the core WordPress folders (showing what it suggests and the actual permissions), change the WordPress table suffix to protect the blog from zero day attacks and provides access to a password strength checker. Does not need to be active all the time.

3. Antivirus for WordPress

Antivirus for WordPress scans the active theme folder for malicious injections. It protects the blog against certain forms of exploits and spam injections. Runs in the background and can be configured to notify the admin if a scan finds an anomaly in the theme files.

4. WordPress File Monitor

The plugin monitors the files of a WordPress blog and notifies the webmaster if any of them have been changed. It can check the file modification date or compare hashes to find modified files.

Folders can be excluded from the scan, important for cache folders for instance with files that change regularly.

5. Secure WordPress

The plugin performs a series of one-time operations on the WordPress blog, specifically:

1. removes error-information on login-page
2. adds index.php plugin-directory (virtual)
3. removes the wp-version, except in admin-area
4. removes Really Simple Discovery
5. removes Windows Live Writer
6. remove core update information for non-admins
7. remove plugin-update information for non-admins
8. remove theme-update informationfor non-admins (only WP 2.8 and higher)
9. hide wp-version in backend-dashboard for non-admins
10. Add string for use WP Scanner
11. Block bad queries

Secure WordPress can be downloaded from the official WordPress Plugin repository.

We here at Ghacks are currently running nine WordPress plugins. That’s not a lot when compared to most other websites. Our sister site Windows 7 News for instance is using 17 plugins which is almost twice the number installed on Ghacks.

You will find some plugins that most WordPress webmasters have installed and some that only a few are using. Here we go

Akismet

WordPress blogs need an antispam plugin to protect the blog from spam comments, trackbacks and pingbacks. Akismet is shipped with every WordPress installation and it feels only natural to use this plugin. We are not very fond of it on the other hand but the lack of a solid alternative is what makes us use it.

All In One SEO

One of the SEO plugins that are available for WordPress. Another highly popular plugin that optimizes some aspects of the blog to increase its search engine visibility. There are other plugins like SEO ultimate out there that we are testing on some of our other websites but we stick to All In One SEO here at Ghacks.[link]

Contact Form ][

One of the many contact form plugins that are available. It was very easy to setup (by simply integrating the command on a page or post) and has been reliable all those years.[link]

Google XML Sitemaps

It is not only compatible with Google but also with Yahoo and Bing. It creates a sitemap regularly and pings the search engines to notify them about the updates sitemap.[link]

Internal Link Building

This is the first plugin in this list that not many WordPress webmasters are using. It makes use of a similar concept that can be seen at Wikipedia: Internal Linking. It allows the webmaster to define keywords and urls they point to. Blog posts are then automatically scanned for those keywords and if they exist they are made to link to the url defined in the plugin’s options. The main purpose of this is to improve the internal linking to push relevant keywords but it can also be used for other purposes like advertising.[link]

Subscribe To Comments

Provides the option to subscribe to the comments of a post so that a notification is received whenever a new comment is posted. It is an alternative to comment RSS feeds that are automatically enabled on the blog.[link]

W3 Total Cache

A few caching plugins fight for dominance. We have been using WP Super Cache for quite some time until we discovered W3 Total Cache. Back then we had to use other plugins like one for compressing CSS files to optimize the loading times of the blog. W3 Total Cache combines not only caching but also minifying of scripts (JavaScript and CSS) eliminating the need for the CSS Compress plugin. It also supports CDNs (Content Delivery Networks) and is more complete than the other caching plugins. Takes a bit longer to configure but is well worth the troubles.[link]

WP-PageNavi

This is the only plugin next to Akismet that we have been using since the creation of this blog. It allows the webmaster to display numbers at the end of each index page instead of the Next Last navigational elements. [link]

Yet Another Related Posts Plugin

This one supports caching and displays related posts beneath each article and also in the RSS feed if desired. We had some troubles with it because of the large number of tags but once we disabled tags from being included in the calculation it worked fine. [link]

The huge amount of traffic that we get every day has forced us to optimize the blog and get rid of some plugins that we would be using otherwise. We have for instance removed social bookmarking icon plugins which reduced the page loading time and did not prove to be as effective as we hoped they would be (meaning that not many visitors clicked on them).

Are you running similar plugins on your website? Let us hear about them in the comments.

Scheduled posts would not be published at the time configured by the user but appear as missed in the list of posts forcing the webmaster to reschedule and hope for the best or to publish it manually.

WordPress 2.9.1 fixes this annoying bug and 23 others that are listed in WordPress Trac. Five of the bugs listed have been rated high while the majority received a normal rating. Several updates fix installation and upgrade issues that webmasters might have experienced. Webmasters with those issues might want to install or upgrade straight to WordPress 2.9.1 which might fix the issues experienced by those webmasters.

Our blogs have not picked up the new version of WordPress yet but it is likely that this will happen in the next few hours.

WordPress 2.9.1 can be downloaded at the official WordPress website. The list of bug fixes is available here.

The new version comes with over 500 bug fixes, changes and enhancements which makes it a recommended download and install. Some of the new features include:

• Trashbin: Posts that are deleted are now moved to the trash instead of being deleted irrecoverably. It is possible to recover posts from the trash at a later time.
• Image Editor: A basic image editor that can be used to edit, rotate, scale and crop images.
• Batch plugin support: Update up to ten plugins at once.
• Video Embeds: video embeds for popular sites have become just a tad easier as it is now possible to simply paste the url into the post which will be turned into an appropriate viewer by WordPress automatically.
• Automatic database optimization which can be enabled by adding define(‘WP_ALLOW_REPAIR’, true); to the WordPress config file.
• Post Thumbnails options which can be used to display thumbnails in every post if the theme supports it.
• Better SEO thanks to rel=canonical
• Custom galleries with the ability to add pictures from several posts.

The complete list of changes can be viewed at WordPress Trac. Happy upgrading!

According to Mashable there are two clues that your blog has been successfully attacked by the computer worm:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

Webmasters are asked to update their blogs to the latest version of WordPress immediately. Those that have been hit by the computer worm should backup all files, export their settings, and do a clean install of WordPress. More help is offered at the WordPress website.

Rant:

It’s Sunday and it is time for a little rant. Webmasters who do not update their blogs as soon as a new version of their blogging software is released are acting stupid. A WordPress update usually takes less than ten minutes and ensures that the blog and server is protected from attacks like these. Webmasters who do not have the time to perform these updates should consider switching to a hosted blogging platform like that at Blogger or WordPress.com. The automatic update option that has been introduced in recent WordPress versions makes it even easier to update the blog as soon as a new version is released. Webmasters who cannot do this should not operate a self hosted blog, period.

One of the main strengths of WordPress is its huge developer community, something that is unmatched by most of its competitors. With this great third party support comes thousands of plugins and themes. So without further ado, I’ll name out a couple WordPress plugins that every user of the blogging platform should use.

All in one SEO

WordPress has the reputation of being the best SEO optimized blogging/CMS platform out of the box. But even with that it still could use a little work. That’s where “All in one SEO” comes in. Basically it allows you to control the SEO aspect of every post, page or tag on your blog as well as override the default WordPress features.

Customizing the plugin is easy and the readme file helps with any problems you might have. There is a reason why it has well over 2 million downloads. So if you haven’t checked it out, I suggest you do so. If you are looking for something a little more advanced you can check out the Headspace2 plugin which is also popular (at the time of this writing it had over 200,000 downloads).

Broken Link Checker

I didn’t know how much I needed this plugin until I got it and since there I have installed it on all my blogs. As the name suggests, this plugin checks your blog at intervals (user defined) for links that might be broken. I cannot stress how important this plugin is for those who run political, tech or news blogs as it is extremely vital at notifying you if your links are active or leading to 404 error pages.

WP-DB-Backup

If it were not for hackers and hard drive failures, this plugin would be obsolete. But thanks to these and many other problems, database failures are prevalent. At least there are options to help keep your database safe.

WP-DB-Backup is one of those plugins which offers users the ability to backup their WordPress databases instantly or have monthly, weekly, daily or hourly backups. The backups can either be sent to a specified email address or can be downloaded instantly. While this plugin is mainly built for those who carry large amounts of traffic on their websites, I would recommend it for everyone including personal bloggers.

Beware that this only backs up the database and not information stored on the server such as download files, pictures and such. That will require another program.

Redirection

When I first started using WordPress I decided to go with the default permalink structure as I was not versed in customizing .htaccess files. That changed a few months later and by that time my blog had boasted well over 150 posts. I needed to do some major on site SEO but was stuck with the fact that if I changed the permalink structure to something more search engine (SE) friendly, visitors who came to my site from backlines would be left with a 404 page error.

Well after a little Google expedition I came across the Redirection plugin which did exactly what it sounds like, redirects old links to the new location. I was extremely happy and I didn’t lose SERPS because of my updated permalink structure.

Even if you are not in the same position I suggest you get this plugin because it is well worth it and it requires very little configuration.

NextGEN Gallery

It’s not everyday that a plugin crosses the 1 million download mark. But Alex Rabe has struck gold with his plugin. For those who are familiar with the WordPress, it is clear that while 2.7 did fix a lot of issues, the built in media library fails to say the least. It’s OK for basic media but managing gallery’s, albums and such is impossible.

That’s where NextGEN Gallery comes in by providing the best photo gallery plugin for the platform. While it still lacks in certain areas, it is light years ahead of the built-in functions of WordPress. Plus with the numerous plugins that expand its features it is quite a beast. If you would like an excellent example of the plugin in action, check out TechCrunch.com.

cformsII

It used to be the top downloaded plugin on wordpress.org until someone brought to the attention of the WordPress community that its license agreement did not match the requirements of wordpress.org. Since then it has been removed, but even with that it still continues to be an excellent plugin.

Basically cformsII allows you to create contact forms, contest forms and anything else your heart desires. Although it is not the easiest plugin to use, it’s powerful and extremely customizable as the CSS file can be edited to meet any requirement.

The only drawback to this plugin is since it’s no longer available on wordpress.org, those wishing to use it have to install and update it manually. That said I still would recommend using it but if you cannot be bothered with the hassle for the extra features, you can always check out Contact Form 7 which carries many of the features but still lacks in the customizability department.

I’m sure there are many others out there but these are the ones that I have found out to be the most useful and would recommend for every WordPress blog. But if you think I left one out, hit me up in the comments below.

A fix was released with the announcement of the vulnerability which consisted of one line of code that had to be edited in the wp-login.php file of the WordPress installation. WordPress installations with the fix are safe from these kinds of attacks.

The WordPress team has nevertheless released WordPress 2.8.4. as a response to the security vulnerability. The new release patches this vulnerability and is a recommended update for every WordPress installation. The WordPress developers are providing additional information about the vulnerability in the announcement post as well.

It was only possible to reset a password of the first user account without a key according to this post which usually is the admin account of the WordPress installation. WordPress is not showing the new version in its interface. This may change in the next hours.

WordPress admins should head over to the WordPress website to download the new version as of now.

The first section will display information about the blog’s responses. This includes checking the web server’s IP, RSS feed, robots.txt file, web caching and search engine indexation in Google and Bing. The second section will display technical details about the blog which are mostly interesting to the webmaster of the website.

The technical details will display page generation and fetch times, transfer speeds, information about compression as well as the version of the blog software and the theme used.

The site links to three additional services that can be used to check out a website or blog. This includes HTML verification at W3c, feed validation at Feedvalidator and HTTP header checks at redbot.com.Is My Blog Working is a great way to quickly check various technical details of a blog. A bookmarklet is provided that can might also come in handy.

A new post appeared on the WordPress discussion list today revealing more details about the process. Everyone is apparently able to reset a WordPress password if the email address of the WordPress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. WordPress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further which means attackers cannot get access to the user account. It can however be theoretically be used to reset the password regularly to lock the user or admin out of the WordPress blog.

A temporary fix for the remote admin password reset vulnerability was posted. WordPress administrators need to change one line of code in the wp-login.php file of the WordPress installation to protect their blog from the attack.

Replace

if ( empty( $key ) )

With

if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to WordPress installations.

The upgrade fixes a few security issues that have been overlooked in the WordPress 2.8.1 release but discovered by security researchers in the WordPress community.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.

Point your web browser to the official WordPress download page to download the release if you want to perform a manual upgrade.

The XSS vulnerability could be used to create comment author urls that would redirect the system administrator away from the blog’s website to another site to exploit the situation. WordPress webmasters are encouraged to update their blogs as soon as possible to patch the security vulnerability.

Updates are available directly from within the WordPress interface if the correct server login information are supplied or by updating the traditional way which would mean to download the WordPress release from the WordPress website, upload it to the web server and run the upgrade command manually. The release information should also be displayed prominently in the WordPress admin interface with a link to the automatic update script of WordPress.