Warning: You must Upgrade Your WP Blog Now

8 replies
I don't usually send out any threads like this, but WordPress released an upgrade today that is specifically to stop a malicious iframe file from being injected into your server via WP.

It has happened to two of my marketing blogs the past two days.

I highly encourage you to do the upgrade immediately, or your blog web pages could disappear.

What happens is a "fake" index file is placed on your server with an iframe to a blank script.

This same code is also injected into other files.

You really need to do this upgrade.

Thanks

Wayne Sharer
  • tommen
    Thanks for the heads up! I use 2.8.4 at the moment. I usually wait a month before upgrading because some of the plugins I use will necessarily not work after the upgrade.
  • Michael Oksa
    Thank you, Wayne.

    I know it takes a while for some of my plug-ins to catch up to new versions of WP. But I would rather be without a plug-in or two for a little while than to have my site wiped out. That's my take on it anyway.

    All the best,
    Michael
  • Istvan Horvath
    To be honest, the 2.8.6 was released yesterday and the two issues addressed by this newest version have nothing to do with injection:
    2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
    The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
    Source: WordPress › Blog WordPress 2.8.6 Security Release
    • hmigroupllc
      Well, this isn't about twisting and turning meanings and words. My host says that the WordPress Fix issued today will stop the injections.

      Whether or not it is specifically to do with the specific insecurity really doesn't matter.

      I would do the upgrade, and argue semantics later.

      Have a great day.

      Wayne Sharer
      • Istvan Horvath
        Originally Posted by hmigroupllc

        Well, this isn't about twisting and turning meanings and words.
        Originally Posted by hmigroupllc

        [...] argue semantics later.
        What can I do... I am a linguist as my basic profession. I do care about the words and meaning :p.
  • jazbo
    WordPress, don't ya love it.
  • J Bold
    That sucks. What number upgrade is this? You talking about 2.8.5?
  • TheRichJerksNet
    No thanks, I will stay with my secured 2.6.5 version. This is the problem, every time an update is released people go running to install it instead of waiting.

    This is why you should secure your own blog and stop doing all those freaking updates just for those cool new features. Personally I find 2.8 with many issues and have found it even less user friendly than what WordPress was before.

    James
