Click Here To Download John Chow's Newest eBook - The Ultimate Online Profit Model

WordPress 2.3.3 Available for Download

written by John Chow on February 5, 2008

The Ultimate Online Profit Model

Our favorite blogging software, WordPress, has released an urgent security update that everyone should upgrade to.

If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords.

The part about changing your passwords often is a good idea. I’m going to update both blog and passwords now.

Did you enjoy this post? Get John Chow Dot Com updates via email...

Stay up to date with all of John Chow’s tips for making money online and blog posts by subscribing via email. Your email will be kept private and never shared with anyone.


xanete February 5, 2008 at 10:50 am

It sounds interesting. I will try it. ;)

Make Money Schemes February 5, 2008 at 11:26 am

This is the first update I’ve applied in a year, that was one serious security risk. I also took the chance to go for a new design whilst I was upgrading.

RacerX February 5, 2008 at 11:19 am

Blogger is so FUBAR right now it is tempting to jump…

Picture loader doesn’t work after you spell check…which isn’t working!

Neil Duckett February 5, 2008 at 3:29 pm

You’ll never look back, Wordpress rocks.

Nicholas James February 5, 2008 at 4:26 pm

Wordpress rocks…the best blogging platform on the market at the moment

Syed Balkhi February 5, 2008 at 11:40 am

yes this is a major issue … i am in process of updating Balkhis.

Nicholas James February 5, 2008 at 4:38 pm

yea you should, its worth the upgrade whenever one is released.

Million Dollar Tag Cloud February 5, 2008 at 11:49 am

Wordpress is the best blogging software available – for sure. I also
love using it as CMS for midsized websites.

InfectedByBugs February 5, 2008 at 11:50 am

This was sorta stupid of WP to release another update so late. Why didnt they just fix it in the last release which came out about a week ago!

Make Money Schemes February 5, 2008 at 12:13 pm

Maybe it wasn’t identified then?

Duckeldanny February 5, 2008 at 11:58 am

sure, wordpress is the best blog software ever

AndrewPavelski February 5, 2008 at 12:38 pm

Well, I guess I’ll check it out… :wink:

Heidi February 5, 2008 at 1:13 pm

I will have to make sure to have my hosting company look into this. Thanks for the heads up.

Start Blogging February 5, 2008 at 1:51 pm

Will do. Thanks for the update.

Robert Afnani February 5, 2008 at 2:35 pm

Saw it on my WP dashboard. Updating now!

Miley Cyrus February 5, 2008 at 2:57 pm

Major security update.. yeah I don’t know how people who have 5+ blogs manage these updates because it’s such a hassle. I only have 3 blogs at the moment and I’ve so far postponed this update to next time I’ll have some free time and feel like backing up/ updating.

By the way, how often do you backup your sites?

Johan Cyprich February 5, 2008 at 3:26 pm

It’s amazing how many critical updates are the result of security concerns in WordPress. WordPress is written in PHP4 and this is not the best choice for secure applications. A rewrite in PHP5 is necessary.

Nicholas James February 5, 2008 at 4:41 pm

No because PHP5 isn’t universally used yet.

Louis February 5, 2008 at 3:59 pm

Well on the other side, PHP5 isn’t as widely used as PHP4 right now, but I’m sure things will evolve over time. I glanced at the Wordpress post about upgrading, and jumped at downloading/updating. When I re-read it, it did say it would allow an existing user to edit other users’s post. So if you had only 1 user, it wasn’t as crucial as initially thought. Always good to upgrade though.

Nicholas James February 5, 2008 at 4:40 pm

Saw it on my dashboard before and upgraded :mrgreen:

Tyler Cruz February 5, 2008 at 5:10 pm

I believe I was just a victim of this exploit. I was washing dishes when I got a message on my Blackberry stating my blog was down.

_All_ my posts were deleted… Fortunately, I have an insane amount of backup measures in place, and was able to restore my blog, and then upgrade to 2.3.3.

So… UPGRADE TO 2.3.3 ASAP. I’m not positive if this was what caused my blog to have all of the posts erased, but I’m thinking it’s a likely reason.

Penny Raine February 5, 2008 at 9:22 pm

And if we don’t have registration enabled is this upgrade still needed? I have customized my theme, is there any danger of losing those customizations when I upgrade?

Miley Cyrus February 6, 2008 at 5:48 am

Was wondering the same thing and I came to the conclusion it’s not needed but guess I’ll still upgrade it eventually.

Photoshop Tutorials February 6, 2008 at 3:12 am

thanks for the update, and Penny Raine, no worries, no danger of losing customizations, …… i think. :lol:

Haroon February 6, 2008 at 4:23 am

ahh already upgraded :wink:

Katie February 6, 2008 at 7:44 am

Nice post :) I want to get WordPress Someday when I get hosting with a good host other than Blogger. I can’t wait. It will be exciting. :wink:

~Katie :razz:

Mark Heinemann February 6, 2008 at 9:35 am

Yeah, I’m updating today on both my sites. Always, backup!
Take care,
Mark :grin:

Haroon February 6, 2008 at 10:20 am

Tyler – I just want to tell you that your lucky man you had backup. I was not that lucky as you, my other blog was cleaned out and i couldn’t do anything about that. :cry:

General Marketing Blog February 6, 2008 at 2:47 pm

another update i only just updated to 2.3.2

i belive with this one you only need to update the xmlrpc.php file

Fahmishah February 6, 2008 at 8:43 pm

i have already update it

Photoshop Tutorials February 7, 2008 at 4:22 am

Some strong tips there about passowrds guys. I forgot to mention before but updating your passwords regularly is the best form of defense, any one can have against hackers!

David Chew February 7, 2008 at 10:08 am

Thanks for the post john. :grin:

spidro February 7, 2008 at 4:15 pm

thanks for the update , i stared to use wordpress few weeks ago and this is the first update for me

Feed Flare February 8, 2008 at 11:08 am

Thanks John for the heads up!

mack goodman February 8, 2008 at 5:19 pm

I just copied the file xmlrpc.php over and that was easy instead of the full update, but I couldn’t get rid of the update notice. BUT I FOUND THE WAY!! :razz: Just get the new version 2.3.3 and locate the “version.php” file and copy that to the wordpress/wp-includes directory and that does it… Thanks John!

Terra Andersen February 8, 2008 at 10:38 pm

Looks like it’s time to update! thanks for the heads up! – I must be living under a rock, because I didnt even hear about this until now.