WordPress 2.6.3 Available for Download

WordPress has released a security update to their blogging software. A vulnerability was discovered in the Snoopy library. WordPress uses Snoopy to fetch the feeds shown in the Control Panel Dashboard.

Although this seems to be a low risk vulnerability for WordPress users, the company wanted to get an update out immediately. 2.6.3 is available for download right now.

Because this is a security issue, all WordPress users must upgrade. Fortunately, this new release updates only two files. If you don’t want to download the entire WordPress program just to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.

Replacing two files is a lot easier than upgrading an entire WordPress installation. This has been the easiest to install update yet.

56 thoughts on “WordPress 2.6.3 Available for Download”

  1. Clog Money says:

    I think it’s fantastic that even with wordpress being open source free software the developers are so security conscious and release updates so frequently. Three cheers for wordpress!

    1. Opensource and free yes, but wordpress as a company makes a massive amount of income each month, and growing insanely!

      Something like $31million last year and are now at 26 staff members (the parent company weblogs inc)

      So its their job to ensure that there are no errors

      1. Huh? How does wordpress earn money?
        They don’t charge anything, is it the sponsors?

        1. Danny Cooper says:

          On the hosted sites they do charge for extra features. I’m sure they have other ways of making money though.

  2. This is great! I was once a Joomla fanatic but they NEVER worked on security issues like that of the WP crew. Thanks!

    1. Ryan McLean says:

      Yea, the Joomla crew doesn’t work even CLOSE to as much as the WP crew. Well I better go get these updates. I wouldn’t want anyone getting at my blog.

      1. Danny Cooper says:

        It’s good to see some people actually supporting WP. I see alot of people trashing it for ‘too many updates’.

    2. Joomla isn’t a blogging application, so you can’t really compare WordPress to it. If you use WordPress as a CMS in the same way as Joomla, WordPress falls short. I would never build a non-blog web site with WordPress.

      1. I disagree with this. It’s possible to use WordPress as a CMS like Joomla. You just have to know how to do it right.

  3. Gabriel Lai says:

    Thanks John for the tips…. yea, it will be a lot easier to replace the file than waiting for the updates from Fantastico development team…. 🙂

  4. MouthyGirl says:

    I love WordPress, and the fact that any time there is an update, or one coming, between you and Shoemoney I know before I even write for the day…. thanks for the heads up!

  5. Keral Patel says:

    Sadly can’t upgrade due to some plugins and my theme that I have customized a bit.

    1. John Chow says:

      Those files shouldn’t affect any plugin or themes. You should be able to upload and replace.

    2. Be careful when you install WordPress updates. You should have another copy of WordPress installed somewhere to test the updates before doing it on a live installation. When I upgraded WordPress 2.3 a while back, it destroyed my blog due to extensions it didn’t like and I wasn’t able to do an update from 2.2 until 2.3.x was released.

    3. you may want to check with a wordpress programmer

  6. BusinessX says:

    Add my voice cheering for the WordPress community. I tried a number of other blog/CMS softwares and the other communities do not even come close.

  7. I don’t mind the updates like this, I just hate thinking about how long it went “unsecure” before the update.

    1. Think about the other security holes that haven’t been reported. WordPress is using an outdated version of PHP (4.3) which has numerous security issues. Its time to update the PHP to version 5.2.

      1. Maybe they will with the 2.7 update.

  8. Tyler Ingram says:

    Bah I was offended by the popup that hit me when followed the link on Twitter John! lol

    When is 2.7 coming for WP?

    1. CoolProducts says:

      Haha, I was hit with the same one.

  9. Greg Ellison says:

    I don’t like that Popup either you already have the form. why do you need another form?
    Thanks for the update about wordpress. Greg Elliosn

  10. Greg Ellison says:

    I don’t like that Popup either you already have the form. why do you need another form?
    Thanks for the update about wordpress. Greg Ellison

  11. jorge says:

    Thanks for the heads up john! I think i will just update the 2 files instead of doing the full update.

  12. dev says:

    update the 2 files can save a lot of time than full update~

  13. 2.7 looks cooler. I think I’ll wait for 2.701 to wait for the bug fixes on a major upgrade.

    1. Danny Cooper says:

      Don’t go complaining wordpress if something bad happens to your blog then.

  14. Danny Cooper says:

    I find it amazing that people complain that there are ‘too frequent updates’. Would these people seriously rather wait until there blog gets hacked, and then the WP team release an update?

    1. I agree with you. If anything, people should be grateful that they care enough about their software to release security updates. I’m baffled by the people that keep complaining about this. Makes you wonder how much they actually value the technical part of their blog.

  15. Scott says:

    Love WordPress!

  16. Mike Huang says:

    Things like this makes you wonder how many more bloggers are going to be hacked in the future…


    1. Danny Cooper says:

      Judging by some bloggers resistance to updates and upgrades, a lot.

  17. David says:

    Thanks for the heads up, will download asap.

  18. Allan says:

    didn’t 2.7 come out?

    1. Danny Cooper says:

      2.7 Preview shots have been released, it looks amazing, but it is not released just yet.

      1. Yeah, it looks great. I think they’ve had some regular bloggers testing it out.

  19. I upgraded the second I saw the notice in my Dashboard.

  20. do you know, when the 2.7 one will be released.

    John, my blog templates was error after upgrading it. What happend?

  21. Marilyn says:

    I’m a recent WordPress convert. I was on Blogger for months and had no idea what I was missing. I love WordPress now… the flexibility is amazing!

    Thank you for John, for highlighting the specific files to be updated. It made the process much easier. I’d like to see WordPress build an auto-updater function!

  22. Arfan says:

    How easy is it to Update your WordPress? Do you loose anything or is it a simple Process?

    1. you mean updated posts ?? its the most simpliest CMS I ve ever handled

  23. Jeremy Day says:

    Hi John,

    Glad I ran across this. This makes it a whole lot easier to upgrade.


  24. Ben Pei says:

    Huh is it a must to update?

    1. Considering the fact that it’s a security flaw, I would say that it is.

  25. I replaced the files as soon as I saw this.

    It was really suprising and caught me off guard. When I saw the notification in my admin panel that a new version was out, I immediately thought 2.7, but was totally disappointed to find out that it wasn’t.

  26. Just updated my WP….good thing … i don’t want to see that “update you version” anymore. I don’t even know what extra stuff I get.

  27. Sire says:

    Honestly I am quite happy to download the whole thing as it’s a good excuse to backup my files. Anyway, it’s a breeze with the auto upgrade plugin.

  28. As started by the WordPress crew, the expected launch of 2.7 is mean’t to be on the 10th November. I’m looking forward to it, although I can already see what the support forums are going to look like.

    With the new comments system that’s being implemented, which does look very good, and replaces quite a few plugins, maybe even the one John uses here, the comments.php will need to be coded slightly different. (There will be many people asking how on earth to do this I bet!)

    I hate the fact that people go around talking negative about the blogging software, when they HAVEN’T even given it a shot themselves. Now yes, there are some things that could possibly be upgraded, but I’m sure in time they’ll come.

    The day v2.7 comes out, and I hope it is Nov 10th, then I’ll be upgrading my blog as soon as I can. I’ve seen the screenshots, and also checked out a live demo, and it’s just hot! – There are just so many options, and you could now start designing some themes around the new features.

    Anyway, enough rambling from me on the subject, and let’s just wait for the ‘big’ day to happen!


  29. charles says:

    Congratulations to wordpress users!! We blogspot users don’t have things like that.

  30. Web3 says:

    Three cheers for WordPress – whoopwhoop!

  31. I don’t mind the updates like this, I just hate thinking about how long it went “unsecured” before the update.

  32. Dfunda says:

    what are the developments in this version?

Comments are closed.