Why You Should Upgrade Your WordPress to Version 2.2.1

June 28, 2007 by  

If you are running WordPress 2.2, it’s mandatory to upgrade to the latest version 2.2.1.

The WordPress community has identified and fixed several bugs and the result is a more stable and polished version 2.2.1.

However, the bug fixes are probably not the main reason why you should upgrade. The latest release also addresses several security issues that allow an attacker to take full control of your blog. I’ve seen this happen to a blog recently.

The following vulnerabilities have been addressed in version 2.2.1:

 

Remote SQL injection in XML-RPC
This only affects blogs running WordPress version 2.2 that allow registration or that have registered members. The exploit relies on an existing account to perform the SQL injection. You can temporarily mitigate this vulnerability by disabling registration on your blog. To do so, go to Options > General and remove the check mark from “Anyone can register”.

Remote shell injection in PHPMailer
Those using Sendmail to send emails from their blog are vulnerable to this exploit.

Complete updates, changes and fixes addressed in the latest version can be found here.

OK, I know I haven’t upgraded Sabahan.com to the latest version but seriously I will do it today. I have upgraded almost all of my other blogs to the latest version.

While running the upgrade for one of my blogs with WordPress 2.2, I just uploaded the new core system files and overwrote the old files. When I ran the upgrade.php script, it told me that no database changes were required. I didn’t even deactivate my plugins.

The blog seems to be working fine after the upgrade. Nonetheless, I recommend that you follow the recommended upgrade procedure. It goes without saying that you need to do a backup before performing any upgrade.
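If you look after several blogs, a quick way to find the ones still on 2.2 is to read the `$wp_version` assignment in each install's `wp-includes/version.php`. The script below is an added example, not part of the original post or of WordPress; the directory names and version strings in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '2.2';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
AFFECTED = (2, 2, 0)  # release the post names for the XML-RPC SQL injection
FIXED = (2, 2, 1)     # release the post says to upgrade to


def parse_version(php_source):
    """Return the version as a 3-tuple of ints, or None if it cannot be read."""
    found = VERSION_RE.search(php_source)
    numeric = re.match(r"\d+(?:\.\d+)*", found.group(1)) if found else None
    if not numeric:
        return None
    parts = [int(p) for p in numeric.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version):
    if version is None:
        return "unknown"    # version string not readable: check by hand
    if version == AFFECTED:
        return "affected"   # disable registration until upgraded
    # "outdated" only means older than 2.2.1, not a claim about specific bugs
    return "outdated" if version < FIXED else "ok"


def audit(root):
    """Map each WordPress install directory under root to its status."""
    report = {}
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        text = vfile.read_text(encoding="utf-8", errors="replace")
        install = vfile.parent.parent.relative_to(root).as_posix()
        report[install] = classify(parse_version(text))
    return report


def demo():
    # Constructed sample tree: four fake installs with different versions.
    samples = {"blog-a": "'2.2'", "blog-b": "'2.2.1'",
               "blog-c": '"2.1.3"', "blog-d": "get_version()"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, value in samples.items():
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = {value};\n")
        return audit(tmp)
```

Call `audit()` on the directory that holds your sites; for any install reported as `affected`, uncheck “Anyone can register” under Options > General until the upgrade is done.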

6 Comments »

Comment by Kay Kastum
2007-06-29 11:11:52

WordPress rocks!

 
Comment by papajoneh
2007-06-29 15:34:31

Done on the first day :)

 
Comment by IZDotCom
2007-06-29 23:22:02

hongkiat.com was also hacked because he didn’t patch his WP (although he reminded everyone to do so a few days earlier) :P

 
Comment by Wahlau.NET
2007-07-01 13:12:51

haha…really….this is funny

it is good that mine is updated

 
Comment by dotnetnuke
2007-07-02 00:07:53

That’s funny, he tells people to update but he forgets himself lol.

 
Comment by komirad
2007-07-08 04:12:37

Easy update from fantastico! ONE CLICK!

 