Wordpress 2.6.2 Available for Download
I’ve just got the notice on my Wordpress control panel that version 2.6.2 is now available for download. This is a security update so everyone who is running Wordpress should update to this latest version ASAP. This is especially true if you allow open registration on your blog.
If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.
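
Why a password drawn from mt_rand() is only as secret as the generator's seed, shown as an added PHP example (not WordPress code and not part of the original post). The function names, the explicit mt_srand() call standing in for the generator's automatic seeding, and the 12-bit seed space are all constructed for illustration.

```php
<?php
// Added illustration; hypothetical function names, not WordPress's own routine.

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Weak form: every character comes from mt_rand(), so the whole password
// is a pure function of the generator's seed.
function weak_password(int $seed, int $length = 12): string
{
    $alphabet = ALPHABET;
    $max = strlen($alphabet) - 1;
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[mt_rand(0, $max)];
    }
    return $out;
}

// Hardened form: random_int() draws from the operating system's CSPRNG,
// so there is no application-level seed to learn or guess.
function strong_password(int $length = 12): string
{
    $alphabet = ALPHABET;
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Count the distinct passwords a seed space of $seedBits bits can produce.
function distinct_weak_passwords(int $seedBits): int
{
    $seen = [];
    for ($seed = 0; $seed < (1 << $seedBits); $seed++) {
        $seen[weak_password($seed)] = true;
    }
    return count($seen);
}

// Same seed, same password: the output carries no more secrecy than the seed.
var_dump(weak_password(1234) === weak_password(1234));

// A constructed 12-bit seed space can never yield more than 4096 candidates,
// however long the password is.
printf("%d candidate passwords from a 12-bit seed\n", distinct_weak_passwords(12));
printf("CSPRNG sample: %s\n", strong_password());
```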

Wow, interesting bug. Time to upgrade for sure.

Another update? It’s sick. So much time wasted in these incremental upgrades especially when you have a number of blogs. The automatic update plugin doesn’t work consistently.
I think this is the main reason why more heavyweight blogs are using products from sixapart.
I am seriously thinking of migrating…

I wish we didn’t have to update so often, it is a whole ‘nother chore in itself

I think that my webhost (hostmonster) is a little behind on the upgrade…I have to go into simplescripts to upgrade. Is there another possible way to upgrade?

GRRRRRR!!!

I hate how wordpress keeps telling us to upgrade again and again and again and again….I am so frustrated.
I wish there was an easy way to upgrade atlanta but I don’t think there is an easy way…is there?
Yea me too, I haven’t even upgraded to the last upgrade that came up!

You guys should get the instant upgrade plugin.
Click once, click twice — done the upgrade!
Takes about 15 seconds.

This automatic upgrade plugin didn’t work too well on two of my blogs on which I tried it. Can’t be too bothered about these updates, my log homes site still runs on version 1.5.x. and it is readable.
I suppose I’ll do my next upgrades when Wordpress reaches 3.something and I’m sure even then I won’t be using any cool new features that come with it. I’ll just keep pushing that publish button every now and then. I can see the benefits for active plugin and widget users though.

Jake, that’s crazy. You should at least upgrade to 2.5

Yea I remember that was a frustration for me at starting my last blog. Too many frequent updates.

How is it that I now have a link on the word “webhost”? Strange and wonderful things I see…. . . .

I have found that the auto-update plugin works great for this. I tried to upgrade manually and had a complete disaster with one of my sites. So much so that I had to rebuild the entire database and reconstruct. I heard about the exploit yesterday and yes, it is time to get up to date.

Hey I heard there was an automatic upgrading plug-in, you can get that to upgrade automatically, although I am not too sure about it because you still have to upload that plug-in manually through an FTP client and I’m too lazy to do that!!

That plugin is great. Wordpress always has upgrades and I found the automatic update plugin works best. Thanks for letting me know about the security update.

Maybe sometime I will create my first wordpress blog

You should! I love the Wordpress format! It makes blogging really enjoyable!

Oh so you’re still running at blogger eh… Get on my blog or just click here to know why I switched to wordpress and what might ruin your blog’s presence on the Internet FOREVER!

Well not actually forever, but a long time!
Mark my words, this happens to almost every blog that gets famous on blogger and you don’t want that to happen to you!
Coolio. Thanks for the security tip. Guess I know what will take up a couple of hours of my time this afternoon

:/ I haven’t finished updating all my other blogs from the last update. They are updating the software a little too much.

That is what I used to think. I found a great plugin that helps me update my WordPress blogs very quickly and it works like a charm. It is called Instant Upgrade.

Oh yikes! I’m glad they are at least on top of things! Security risks scare me! I don’t know what I would do if someone screwed with my passwords…find them and…well you get the point…

So John is there an easier way to update (like an automatic way) so I don’t have to keep accessing my files. Because this is really annoying me

Who is your host Ryan? Some hosts allow you to easily and automatically update. I have Dreamhost and I can do it through my hosting panel with the touch of a button!

Well you can get its plug-in as well to make it more automated once and for all!

Thanks for the heads up… I’ll definitely get on to that.

Yes that is true and I have already updated it, well I use the wordpress auto upgrade and all happened perfectly, and my blogs automatically upgrade to the latest version, download it from the wordpress extend. Just activated it and press upgrade that’s all

Pain in the butt!
But it’s incredibly important to do the security updates as quickly as possible. I know people that have had multiple sites pwned because of an unsecure script on just one of them.

It’s painful to keep updating wordpress every 40 days

Automatic plugin.

It seems like every time I get the bug worked out between my theme and the newest version of wordpress, they come out with another.
It’s a never ending battle.

Backdoor update maybe? Wordpress could first run the update via plugin and widget providers to give them time to iron out any problems. Would it help? I sure don’t know, but in this case automatic update services would have something to work with.

Why can’t there be a version of WordPress that works properly? Why are there all of these security updates? PHP is not the best language for building secure and stable applications.

Maybe they should start combining updates or something. I JUST upgraded.. It’s hard to keep up with them almost if you don’t pay attention.

Someone should do a final update for wordpress so it will automatically prompt you to download the updates when there is one..sort of like windows update. (I hope no one else mentioned this already, if so, good idea)

The upgrades are crazy, but people should be glad that they don’t ignore bugs.

I will definitely be updating my personal blog tonight. Seems like it shouldn’t be too difficult. I agree with everyone else though; there seems to always be new updates waiting for me on my dashboard.

This may be off topic a bit, but you just gained 600+ readers for the last couple of days, amazing!

Hum, seem now I don’t have time to blog as I keep on upgrading the 10 Wordpress blogs I own. I hope we will have soon an automatic Wordpress update like Mozilla

I used the Wordpress Automatic Upgrade Plugin for the first time today. My heart was racing every time I hit the “Next Step” button as I went through the upgrade process.
I fully expected it to crap out on me, and cause me to restore my backups and my themes folders.
Tick, Tick, Tick… I waited. As if a bomb would explode any minute. Then… It happened.
My version had successfully upgraded with no errors! This plugin is awesome!
You can get it here: http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-12-release.html

I am not going to update. To be honest, I am fed up with wordpress. They don’t even protect their PHP. Sure this helps, but I have to recode all my files. Here is what I am talking about.
http://thebestforumever.com/coding-lair/3425-wordpress-flaws.html#post51802

Thanks for the headsup about the update. Sure, it might take a little bit of your time to update WP, but in the end, security is No. 1# priority.

hoho. I just updated to 2.6.1. I will update the latest one soon. Looks good huh!

Yay! I just upgraded mine last night.

Oh, I’ve got something else to say, I think you have to put back the category widgets on the sidebar… just to make it handy for us to switch category because we don’t need to wait another seconds to go back to frontpage…

Has anyone lost all their wordpress from the upgrade. Any suggestions for the best way. Meaning does anyone put it on a separate or external HD?

I got a problem after successfully upgrading to 2.6.2. My theme’s sidebar suddenly appears at the bottom of the page, and this only happens on the homepage. All blog post pages act as normal. I’ve tried to change to other themes but it is still the same. I’m thinking of re-installing my wordpress if I still cannot find a solution by end of the week. Anybody facing the same problem? Any help from you guys is very much appreciated.

I am starting to use wordpress too, still learning.
So, autoupgrades are fantastic or not? Coz after reading all your comments, it got me thinking, maybe manual upgrades would be a bit better while deactivate the plug-ins, ftp newer files only mode and activate back the plug-ins, will it work?
cheers in advance for the answers.