OMG Another WordPress Update!

I knew it was bound to happen… I just didn’t think it would happen a week after the previous update!! Wow, lol. Well, I am thankful that the WordPress Dudes (as I affectionately call them) are on their toes with security issues.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

So I guess I know what I will be doing this afternoon. :-p

WordPress has now made it so easy to update, I thank them for that. In a nutshell, here’s how to do it:

  • First thing: BACK UP YOUR BLOG.
  • I do database backups just about every week (log into my web host’s cPanel and use their Backup Wizard). I also then use the “Export” feature in the WordPress Dashboard. This saves all posts and comments in an XML file. It just saves the information, not your blog’s theme nor photos nor other dynamic content. I made a quick video tutorial about How to Export Your Blog in an XML File. It’s an “on the safe side” kind of backup tool.

  • Update and then disable plugins.
  • I used to disable all my plugins before doing any upgrade. Plugins are third-party software, and therefore may conflict with each other during the upgrade. However, for the past three recent upgrades, I have attempted leaving my plugins enabled, and I have had no problems. I do, however, ALWAYS upgrade my plugins before attempting my WordPress upgrade.

  • Click the WordPress “Please update now” link at the top of your Admin page.
  • This notification shows up on all your WordPress admin pages. I usually go to my Dashboard and proceed from there. The link will take you to a page within your admin site that gives a few scanty details; click the link there to continue.

  • Go slowly, read everything, don’t be in a hurry to click the links.
  • I take my time whenever I upgrade. I make sure the kids are preoccupied, I am *relatively* clear-headed, and not in a hurry. I’ve had problems when I have been too click-happy. Depending on the speed of your web host’s server transactions, it may take a few more seconds to complete. Don’t rush anything!

  • If something happens, call your web host.
  • I have Hostgator as my web host (see the button to their website in my sidebar) and I have been thrilled with their service and support. I recommend them more than any other host (and believe me, I’ve had a lot of hosts). If your blog has problems, give them a call. You will have a database backup that you can fall back on (you DID make that backup, right??!), and they can reinstate the older version, and help you upgrade to the newer one. But I have never had any problem whatsoever with the new WordPress upgrade feature; it’s run AMAZINGLY smoothly.
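
To confirm after the upgrade that every WordPress copy on a host really is at 2.8.4 or later, the version can be read straight from each install's `wp-includes/version.php`. This is an added example, not part of the original post or of WordPress itself; the function names and the sample file contents are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 8, 4)  # the release this post says fixes the password-reset bug

# Constructed sample of the line WordPress keeps in wp-includes/version.php.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.8.3';\n"

_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_version(text):
    """Return the $wp_version string found in version.php text, or None."""
    match = _VERSION_RE.search(text)
    return match.group(1) if match else None


def version_tuple(version):
    """'2.8' -> (2, 8, 0); '2.9-beta1' -> (2, 9, 0) (suffix ignored here)."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])


def needs_update(version):
    """True if older than 2.8.4, or a pre-release build of 2.8.4 itself."""
    current = version_tuple(version)
    return current < FIXED or (current == FIXED and "-" in version)


def audit(root):
    """Return [(install_dir, version, stale)] for every WordPress tree under root."""
    report = []
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_version(vfile.read_text(errors="replace"))
        # An unparseable version file is reported as stale so it gets looked at.
        stale = True if version is None else needs_update(version)
        report.append((str(vfile.parent.parent), version, stale))
    return report


if __name__ == "__main__":
    for path, version, stale in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'UPDATE' if stale else 'ok':6}  {version or 'unknown':10}  {path}")
```

Run it with the directory that holds your sites as the only argument; forgotten test or staging copies show up in the list too.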

    Hope this helps!
