Why You Should Upgrade Your WordPress to Version 2.2.1
Posted on 28th June, 2007
If you are running WordPress 2.2, it’s mandatory to upgrade to the latest version 2.2.1.
The WordPress community has identified and fixed several bugs and the result is a more stable and polished version 2.2.1.
However, the bugs fix would probably not the main reason why you should upgrade, the latest release also addresses several security issues that allows attacker to take full control of your blog. I’ve seen this happened to a blog recently.
The following vulnerabilities have been addressed in version 2.2.1
Remote SQL injection in XML-RPC
This only affects blogs running WordPress version 2.2 that allow registration or blogs that have registered members. This exploit relies on existing account to perform SQL injection. You can temporarily disable this vulnerability by disabling registration on your blog. To do so, go to Options > General and remove the check mark from “Anyone can register”.
Remote shell injection in PHPMailer
Those using Sendmail to send emails from their blog is vulnerable to this exploit.
Complete updates, changes and fixes addressed in the latest version can be found here.
OK, I know I haven’t upgraded Sabahan.com to the latest version but seriously I will do it today. I have upgraded almost all of my other blogs to the latest version.
While running the upgrade for one of my blogs with WordPress 2.2, I just uploaded the new core system files and overwrite the old files. When I ran the upgrade.php script, it told me that no database changes were required. I didn’t even deactivate my plugins.
The blogs seems to be working fine after the upgrade. Nonetheless, I recommend you to follow the recommended upgrade procedure. It goes without saying that you need to do a backup before performing any upgrade.