
WordPress 2.2.2 and 2.0.11 Security Update

written by John Chow on August 5, 2007


For those who never read their WordPress dashboard, the makers of our favorite blogging software have released a security update.

Today we have two security-related releases available for both users of our main 2.2 branch and the legacy 2.0 branch. As these releases include only security and minor bugfixes they should not cause any plugin or theme compatibility issues, so you have no good excuse not to upgrade.

Now would be a good chance to test out that automatic WordPress updater. If you do use the auto update plugin, let me know how it worked for you. As for me, I did it the old-fashioned way. Since this is just a security update, all I did was upload and replace the files. I didn’t even need to update the database.



Becky August 5, 2007 at 9:42 am

Hi John,

I updated all my blogs on WordPress version from 2.2 to 2.2.2 today and there weren’t any MySQL changes performed. So maybe that is what happened. Thanks for the tip about that plugin though!

Becks :razz:

SELaplana August 6, 2007 at 2:33 am

I updated my WordPress installation manually and after that… seems no changes at all

John Cow August 5, 2007 at 9:44 am

Update schmupdate. It’s running fine as it is, we’ll wait to see other blogs updates and if they don’t break, we’ll join in.

John Chow August 5, 2007 at 10:02 am

The update went without any issues for me. Very easy. Just upload and replace.

click for nick dot com August 5, 2007 at 10:06 am

I would definitely update, but I use Blogger, a bit easier to use and I don’t pay for hosting :roll:

Glen Allsopp August 5, 2007 at 12:08 pm

You do save money but there’s only so far you can go with the platform IMO

I hate the way they do their comments

dcr August 5, 2007 at 1:27 pm

Yes, their comments system is a little awkward and cumbersome.

Why would you want your readers to go through the extra hurdles to leave a comment?

InvestorBlogger August 5, 2007 at 7:38 pm

Yep, and I never usually bother leaving comments on blogger blogs… It’s just horrible. And that’s not to say I haven’t tried to, either. I usually give up.

Also I live in Taiwan, so Blogger’s interface shows up in Chinese. I have to log in and change the language option before I do the comments…

Really way too much trouble.


Wahlau.NET August 5, 2007 at 9:49 pm

Yup… I don’t like commenting in blogspot too…

Blogging Experiment August 5, 2007 at 12:51 pm

yeah, cause hosting is soo pricey :roll:

dcr August 5, 2007 at 1:24 pm

Plus, you can always move to a new host if they raise prices, if you outgrow them, if they decline in the quality of their service, if you find a better deal elsewhere, etc.

And, you can always switch to a different CMS if something better (or more to your liking) than WordPress comes along.

When you use one of the big name services, you’re pretty much stuck with whatever software, service and servers they have.

Glen Allsopp August 5, 2007 at 2:41 pm

hehe, there’s no doubt that a blog can still be a success if hosted elsewhere (take lorelle for e.g.) but it certainly makes the branding side that much harder

Blogging Experiment August 6, 2007 at 10:43 am

well if you use your own domain for branding etc then it’s not as bad but all the comment issues and things like that still apply. I just don’t see any reason not to host your blog yourself.

Wahlau.NET August 5, 2007 at 9:52 pm

maybe you can start with this

hosting for 10usd/year (first year only) with 2 free domain.

It is very cheap to start….

Thomas De Maesschalck August 5, 2007 at 10:33 am

I just updated, it’s best to do this asap as this update fixes an XSS exploit.

August 5, 2007 at 10:55 am

Yep, took me less than 5 minutes. I did it the same way John did. Never knew you use WordPress, John, didn’t notice the powered by WordPress tag on your footer.

dcr August 5, 2007 at 1:19 pm

Took me longer than 5 minutes. Actually, all the prep work is what took so long. The last upgrade was before my blogs were really up and running, so I just deleted nearly everything and reinstalled, without worrying about doing a backup or anything.

But, this time, I made sure I had a backup of the database, as well as all the WordPress files and everything I’ve modified.

Then, I read and re-read the directions to make sure I was doing everything right. Then double-checked as I did things to make sure I didn’t miss anything.

The actual upgrade process took less than 5 minutes though. Aside from the prep time, this was a pretty painless upgrade, probably because I was running WP 2.2.1, so there probably wasn’t a major change from 2.2.1 to 2.2.2 in terms of having to upgrade or modify the database or anything else.

So far, I’ve not noticed any problems since the upgrade, which hopefully means I didn’t accidentally delete or “upgrade” something I shouldn’t have!

dcr August 5, 2007 at 11:10 am

Thanks for bringing this up. My eyes just glaze over the WordPress dashboard “news.” Usually it’s just full of ads for t-shirts and stuff. It’d be nice if they’d highlight the important stuff.

Jerad Kaliher August 5, 2007 at 11:29 am

Good looking out. The automatic Wordpress updater was great.

Blogging Experiment August 5, 2007 at 12:59 pm

I think I’m gonna wait for it to handle a more involved update before I let it update my blogs for me.

John Chow August 6, 2007 at 9:58 am

You shouldn’t wait. 2.2.1 has a security problem that 2.2.2 fixes.

Blogging Experiment August 6, 2007 at 10:44 am

Sorry, I meant I was going to wait to let the auto update plugin handle my updates, not that I’d wait to do the update.

Terra Andersen August 5, 2007 at 11:44 am

Thanks for the heads up! *=)

Nik Agarwal August 5, 2007 at 12:30 pm

I used the automatic update plugin. Everything went smoothly, but it got stuck on the last step, which was to reactivate all of my plugins. Other than that, it was a pretty smooth update.

NSpeaks August 5, 2007 at 9:20 pm

Same here, it didn’t reactivate the plugins. Other than that, the plugin seemed wonderful in updating my Wordpress to 2.2.2.

Richard - August 5, 2007 at 12:45 pm

I ran into a few jitters but other than that, it worked great! ;D

Alex78 August 5, 2007 at 1:58 pm

Yep, thanks for keeping us up-to-date. Actually update went smoothly and everything’s working fine.

Glen Allsopp August 5, 2007 at 2:42 pm

has anyone else found that their images are no longer uploading?

dcr August 5, 2007 at 6:11 pm

I just did a test, and it works for me.

Budget Babe August 5, 2007 at 7:24 pm

I actually installed Wordpress on Saturday so I hope that included the security update. I better check. Thanks for the heads up.

Johnny August 5, 2007 at 7:24 pm

I am on Blogger as well, I read the complaints about it so someone please point me to the WordPress advantages. Am I missing out on something?

dcr August 5, 2007 at 7:56 pm

Comments are a lot easier, and there is some flexibility to them as well, in that the blogmaster can set it up in at least a couple different ways.

I don’t know what options Blogger may offer, but every Blogger blog I’ve seen makes it an obstacle course to leave a comment. Maybe not a big deal to some people, but definitely an extra step or two than what you would need to do on a WordPress blog.

I don’t know whether Blogger offers different options for the blogmaster or not, but everyone that I’ve encountered has the same annoying comment setup.

Besides that, with my WordPress blog, if I am unhappy with my webhost, I can move my blog and retain stuff like my Technorati Authority ranking and incoming links.

With Blogger, unless you are using your own domain name, you wouldn’t be able to do that. You’re pretty much stuck with what they offer you. And, if you move to a different host, you will have to change your URL (unless you had your own) and basically start all over with regard to your Technorati and other rankings. Plus, you will lose your incoming links (unless Blogger will 301 redirect from your old blog to your new one).

You can certainly have success with any platform you choose, but it is best and more flexible to use something (like WordPress) that you can move to a different host if need be and also to have your own domain name to make any moves go more smoothly than they would otherwise if a move involves an URL change.

InvestorBlogger August 5, 2007 at 8:07 pm

A lot: mostly freedom to handle your blog as you think… Many using WP started out on Blogger, but I don’t think many went back to it!

Kenneth August 5, 2007 at 8:50 pm

C’mon, upgrading Wordpress is pretty dang simple. Why do you need a plugin?

My feeling is, if you can’t upgrade the puppy, then maybe you shouldn’t be running a blog.

Great blog, Chow.


Mybloggo August 5, 2007 at 10:35 pm

Going to update

Geedos August 6, 2007 at 4:25 am

I always get a bit nervous at update time – not sure why as it has never gone wrong, however for this reason I think I’ll stay away from the automatic updater and do it the old fashioned way.

Call me a control freak but I like to be the one who chooses when and where to upgrade to the latest version – preferably at the weekend when I have enough time on my hands to fix any problems that do crop up.

Budget Babe August 6, 2007 at 6:02 am

I realised that my installation did not include the upgrade so I just did it (my first ever time!) and it went without a hitch. I think I could get used to doing these updates now (I used to be terrified). Thanks John!

April August 6, 2007 at 10:00 am

I’ve used the plugin and everything seems to be fine. :smile:

Ronaldo Camacho August 6, 2007 at 10:45 am

I use my host’s One Click Install feature, but looks like they didn’t update yet. Should take one more day.

Nathan August 6, 2007 at 11:17 am

I used the plugin too and it was fine

Michael Fultz August 6, 2007 at 10:38 pm

Haven’t tried it yet, but it’s on the list..

ThomasUkm August 7, 2007 at 6:12 am

I have tried the plugin. Everything works fine, except on..
item 9. Provide you with a upgradation log

The notifier “item 9 failed” came out, I just ignored it and the upgrade still works.

Anybody has this experience?

The Online Presence Blog :: Make Money Online August 8, 2007 at 11:11 am

I used the Automatic Upgrade Plugin for this release.

It was a really smooth process and it took me only 30 seconds to upgrade and to even confirm if things were working fine.

The plugin is really good.

Click Input August 16, 2007 at 8:51 pm

9 blogs later and I have finished upgrading… uploading is slow from here in Thailand too. I’m gonna check out that plugin though

Sunnye August 19, 2007 at 5:10 pm

hmmm, all my custom hacks will have to be re-added now. Maybe not the best idea.