gHacks Technology News | Latest Tech News, Software And Tutorials » wordpress bugs

WordPress 2.7.1 Update

Martin Brinkmann — Tue, 10 Feb 2009 22:59:07 +0000

Seems the WordPress developers have finally released a new version of the free blog software. The update to WordPress 2.7.1 (from 2.7) is a maintenance release which fixes 68 tickets. It is therefor a recommended upgrade and should be applied by WordPress webmasters as soon as possible. The WordPress tracker which is mentioned on the update page is currently unavailable which is probably due to the release announcement which is visible for every admin in the WordPress interface.

You can download the latest version of WordPress from the official website or apply the upgrade manually in the WordPress interface. You can take a look at in depth file changes by following this link or at the 68 tickets that have been closed here.

The update includes six tickets with a high rating and more than 50 rated as normal. While the update does not list many security fixes it is still recommended to update as soon as possible. The update will not alter the database and should not break anything including plugins or themes.

WordPress Incorrect Password

Martin Brinkmann — Sat, 01 Dec 2007 09:10:09 +0000

Cheryl emailed me this morning telling me that her password would not be accepted by WordPress after registering a new account although she was sure that she did type it correctly. The message that would appear was always “Incorrect Password”. My first step of solving this problem was to change the password to “test” and try the login procedure again.

This did not work as well and the Incorrect Password screen did appear again. I then tried to generate a new password but this was also not accepted. I headed out and performed some searches for a solution and finally found it.

It seems that WordPress is having problems with upper case usernames. Cheryl registered her account with a upper case C. I deleted that account, registered again with cheryl as the username instead and et voila, I was able to login immediately with the password that was send to my email address.

This will hopefully help all the other users who use upper case letters in their WordPress usernames only to find out that login in with them does not work.

Secure WordPress with the first WordPress Worm

Martin Brinkmann — Thu, 02 Aug 2007 15:57:18 +0000

Did you know that the latest version of WordPress contains at least seven security vulnerabilities that could compromise your blog ? If you use WordPress you should make sure that to fix them as soon as possible. The easiest way to fix them right now is to use the first WordPress worm – which is a good one – to fix all seven vulnerabilities for you.

The process requires some faith that the xss worm is really fixing the vulnerabilities but the application itself is easy. About the faith: I have not read negative reviews so far and the worm has been released two days ago which should be enough time for some experts to complain about it.

If you want to secure your blog you simply write a comment on your own blog while you are logged in as the administrator linking to http://mybeni.rootzilla.de/mybeNi/ ; Click on that link from your admin panel afterwards which will lead to the site.

The first page explains what will be done and only if you actively click on “Secure my Blog” the vulnerability scan will be started. It will check three WordPress files for the vulnerabilities and offer to fix them if the vulnerability is found.

The vulnerabilities can only be fixed if the files are writable so make sure they are. An alternative would be to copy the code that will be inserted and add it manually in the files. The complete code of the file is shown and the addition is highlighted.

I suggest to run the worm a second time to make sure that your blog is safe and that the fixes have been applied.