WordPress 2.6.2 Available for Download

I’ve just got the noticed on my WordPress control panel that version 2.6.2 is now available for download. This is a security update so everyone who is running WordPress should update to this latest version ASAP. This is especially true is you allow open registration on your blog.

If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

Download WordPress 2.6.2

47 thoughts on “WordPress 2.6.2 Available for Download”

  1. Wow, interesting bug. Time to upgrade for sure.

  2. Milo says:

    Another update? It’s sick. So much time wasted in these incremental upgrades especially when you have a number of blogs. The automatic update plugin doesn’t work consistently.

    I think this is the main reason why more heavyweight blogs are using products from sixapart.

    I am seriously thinking of migrating…

  3. Glen Allsopp says:

    I wish we didn’t have to update so often, it is a whole ‘nother chore in itself

  4. I think that my webhost (hostmonster) is a little behind on the upgrade…i have to go into simplescripts to upgrade. It there another possible way to upgrade?

    1. Ryan McLean says:

      I hate how wordpress keeps telling us to upgrade again and again and again and again….I am so frustrated.
      I wish there was an easy way to upgrade atlanta but I don’t think there is an easy way…is there?

      1. Abdul says:

        Yea me too, I haven’t even upgraded to the last upgrade that came up!

        1. You guys should get the instant upgrade plugin.

          Click once, click twice — done the upgrade!

          Takes about 15 seconds.

          1. Jake says:

            This automatic upgrade plugin didn’t work too well on two of my blogs on which I tried it. Can’t be too bothered about these updates, my log homes site still runs on version 1.5.x. and it is readable.

            I suppose I’ll do my next upgrades when WordPress reaches 3.something and I’m sure even then I won’t be using any cool new features that come with it. I’ll just keep pushing that publish button every now and then. I can see the benefits for active plugin and widget users though.

          2. Jake, that’s crazy. You should at least upgrade to 2.5

    2. Yea I remember that was a frustration for me at starting my last blog. Too many frequent updates.

    3. how is it that I now have a link on the word “webhost”? Strange and wonderful things I see…. . . . :mrgreen:

  5. Fail Funnies says:

    I have found that the auto-update plugin works great for this. I tried to upgrade manually and had a complete disaster with one of my sites. So much so that I had to rebuild the entire database and reconstruct. I heard about the exploit yesterday and yes, it is time to get up to date.

    1. Abdul says:

      Hey I heard there was an automatic upgrading plug-in, you can get that to upgrade automatically, although I am not too sure about it because you still have to upload that plug-in maually through an FTP client and I’m too lazy to do that!!

    2. Stephie3679 says:

      That plugin is great. WordPress always has upgrades and I found with the automatic update plugin works best. Thanks for letting me know about the security update.

  6. m4stono says:

    maybe sometime I will create my first wordpress blog

    1. Freeman says:

      You should! I love the WordPress format! It makes blogging really enjoyable! πŸ™‚

      1. Abdul says:

        oh so you’re still running at blogger eh… Get on my blog or just click here to know why I switched to wordpress and what might ruin your blog’s presence on the Internet FOREVER!
        Well not actually forever, but a long time!
        Mark my words, this happens to almost every blog that gets famous on blogger and you don’t want that to heppen to you!

  7. Coolio. Thanks for the security tip. Guess I know what will take up a couple of hours of my time this afternoon πŸ™

  8. Brad says:

    :/ I haven’t finished updating all my other blogs from the last update. They are updating the software a little too much.

    1. That is what I used to think. I found a great plugin that helps me update my WordPress blogs very quickly and it works like a charm. It is called Instant Upgrade.

  9. Freeman says:

    Oh yikes! I’m glad they are atleast on top of things! Security risks scare me! I don’t know what I would do if someone screwed with my passwords…find them and…well you get the the point… 😈

  10. Ryan McLean says:

    So John is there an easier way to update (like an automatic way) so I don’t have to keep accessing my files. Because this is really annoying me

    1. Freeman says:

      Who is your host Ryan? Some hosts allow you to easily and automatically update. I have Dreamhost and I can do it through my hosting panel with the touch of a button!

      1. Abdul says:

        Well you can get it’s plug-in as well to make it more automated once and for all!

  11. Ryan says:

    Thanks for the heads up… I’ll definitely get on to that.

  12. revenue says:

    Yes that is true and i have already update it, well i use the wordpress auto upgrade and all happen perfectly , and my blogs automatically upgrade to the latest version, download it from the wordpress extend. Just activated it and press upgrade that’s all πŸ™‚

  13. Nebraska SEO says:

    Pain in the butt!

    But it’s incredibly important to do the security updates as quickly as possible. I know people that have had multiple sites pwned because of an unsecure script on just one of them.

  14. ZK says:

    Its painful to keep updating wordpress every 40 days

    1. Automatic plugin. πŸ˜‰

  15. It seems like everytime I get the bug worked out between my theme and the newest version of wordpress, they come out with another.

    It’s a never ending battle.

    1. Jake says:

      Backdoor update maybe? WordPress could first run the update via plugin and widget providers to give them time to iron out any problems. Would it help? I sure don’t know, but in this case automatic update services would have something to work with.

  16. Why can’t there be a version of WordPress that works properly? Why are there all of these security updates? PHP is not the best language for building secure and stable applications.

  17. Amanda says:

    Maybe they should start combining updates or something. I JUST upgraded.. It’s hard to keep up with them almost if you don’t pay attention.

  18. Pheak T says:

    someone should do a final update for wordpress so it will automatically prompt you to download the updates when there is one..sort of like windows update. (i hope no one else mentioned this already, if so, good idea πŸ˜› )

  19. The upgrades are crazy, but people should be glad that they don’t ignore bugs.

  20. CoolProducts says:

    I will definitely be updating my personal blog tonight. Seems like it shouldn’t be too difficult. I agree with everyone else though; there seems to always be new updates waiting for me on my dashboard.

  21. 100kjob says:

    This may be off topic a bit, but you just gained 600+ readers for the last couple of days, amazing!

  22. Thibaut says:

    Hum, seem now I don’t have time to blog as I keep on upgrading the 10 WordPress blogs I own. I hope we will have soon an automatic WordPress update like Mozilla πŸ™‚

  23. I used the WordPress Automatice Upgrade Plugin for the first time today. My heart was racing everytime I hit the “Next Step” button as I went through the upgrade process.

    I fully expected it to crap out on me, and cause me to restore my backups and my themes folders.

    Tick, Tick, Tick… I waited. As if a bomb would explode any minute. Then… It happened.

    My version had successfully upgraded with no errors! This plugin is awesome!

    You can get it here: http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-12-release.html

  24. Fat Tony69 says:

    I am not going to update. To be honest, I am fed up with wordpress. They don’t even protect their PHP. Sure this helps, but I have to recode all my files. Here is what I am talking about.


  25. John D says:

    Thanks for the headsup about the update. Sure, it might take a little bit of your time to update WP, but in the end, security is No. 1# priority.

  26. titan says:

    hoho. i just update to 2.6.1. I will update the latest one soon. Looks good huh!

  27. Alex Kim says:

    Yay! I just upgraded mine last night.

  28. Kiniku.net says:

    Oh, i’ve got something else to say, i think you have to put back the category widgets on the sidebar… just to make it handy for us to switch category because we don’t need to wait another seconds to go back to frontpage…

  29. Has anyone lost all their wordpress from the upgrade. Any suggests for the best way. Meaning does anyone put it on a separate or external HD?

  30. ssroslan says:

    I got a problem after successfully upgrading to 2.6.2. My theme’s sidebar suddenly appear at the bottom of the page. and this is only happen on the homepage only. All blog post page act as normal. I’ve tried to change to other themes but it still the same. I’m thinking of re-installing my wordpress if i still cannot find a solution by end of the week. Anybody facing the same problem? Any help from you guys is very much appreciated.

  31. Linn says:

    I am starting to use wordpress too, still learning.

    so, autoupgrades are fantastic or not? coz after reading all your comments, it got me thinking, maybe manual upgrades would be a bit better while deactivate the plug-ins, ftp newer files only mode and activate back the plug-ins, will it work?

    cheers in advance for the answers.

Comments are closed.