WordPress 2.8.5 “Hardening Release” Upgrade Recommended
WordPress 2.8.5 “Hardening Release” has been released. WordPress recommends that every site upgrade to the latest version. According to the WordPress Blog:
We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
The important changes and fixes in this release are as follows:
- Fix for the Trackback Denial-of-Service attack that is being seen.
- Removal of areas within the code where PHP code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
The WordPress Blog recommends that all sites upgrade to this new version of WordPress to ensure the best available protection.
WordPress also recommends using the WordPress Exploit Scanner if you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit. This plugin searches the files on your website, and the posts and comments tables of your database, for anything suspicious. It also examines your list of active plugins for unusual filenames. You can read more about this plugin here.