09-05-2009, 01:07 AM   #1   Patrician (Moderator)
Upgrade Wordpress to 2.8.4 - Security Threat

Don't know if you guys saw this in the main forum or not, but in speaking to my host it is a serious security threat. GO AND UPGRADE ANY VERSION PRIOR TO 2.8.4

Host4Profit has some security in place and has not seen any actual hacks, but did find some attempts. Better safe than sorry -

Jeff Houdyshell might* help you if you can't do it yourself. (for a fee)
http://www.wordpressmax.com/



http://www.warriorforum.com/main-int...p_referer.html

Leads to explanation
Wordpress MySQL Injection - Permalink hack %&({${eval(base64_decode($_SERVER[HTTP_REFERER]


Here is another report of a previous attack.

Help! My Blog Posts Now Have Weird Code on the URL


From Wordpress.org

WordPress 2.8.4: Security Release

Posted August 12, 2009 by Matt. Filed under Releases, Security.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

09-05-2009, 01:05 PM   #2   GT (Senior Warrior Member)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Hi, Patricia:

I don't have a WordPress blog (yet), but thanks for posting updates like these, whether WordPress or whatever. It's good to keep each other informed just in case we miss something posted elsewhere.

GT

09-05-2009, 01:30 PM   #3   Alan Mater (Freelance Proofreader)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Thanks for bringing this to our attention, Pat.

I've been putting off updating my blogs, but after reading this I'm going to go ahead and do it. I'm in the process of backing everything up now.

Thanks!

09-05-2009, 02:36 PM   #4   Graham Maddison
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Thanks Pat,

after reading your alert, I have now successfully updated all of my blogs (5 of em).

I really appreciate the advice.

Graham

09-05-2009, 02:42 PM   #5   Alan Mater (Freelance Proofreader)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

I've now upgraded both of my blogs successfully.

09-05-2009, 04:18 PM   #6   xtreme newbie (Active Warrior)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Saw this alert on Facebook where a friend posted this from Mashable: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT]

I just upgraded 12 blogs. Luckily no problems but that was too close a call. Whew!! From now on I'm going to stay current on my Wordpress upgrades.

Hope everyone at the forum sees this thread.

09-05-2009, 05:01 PM   #7   warriortx (TxCpa)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Thanks for the heads up because I didn't know

09-05-2009, 06:43 PM   #8   houdy (Advanced Warrior)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Always backup the database and the wp-content folder before an upgrade. In fact you should have a backup strategy. I have never needed a backup personally but have had many people contact me with lost blogs who didn't.

Backup the database on H4P:
Backup WordPress Database

This will show you how to backup the wp-content folder and more:
Scheduled Backup Of Your WordPress Blog

09-11-2009, 03:40 AM   #9   sndas (HyperActive Warrior)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Hi Pat,
Thanks for your update. But one question..
I have installed WP to my site just 2 days ago.
Also I am yet to start posting any blog.
is it still required to upgrade?

Thanks
Satya das

09-11-2009, 06:39 AM   #10   houdy (Advanced Warrior)
Re: Upgrade Wordpress to 2.8.4 - Security Threat

Satya if you are not seeing a warning on the upper area of the WordPress dashboard then you have the latest version and don't need to upgrade. When you login to the main dashboard you should see what version you are using and the latest right now on 9/10/09 is WordPress 2.8.4

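[Added example, not part of any post in this thread] For anyone with several blogs on one host, the dashboard check described above can also be done from the file system: WordPress keeps its release number in $wp_version inside wp-includes/version.php. The script below reports every install under a directory that is older than 2.8.4; the blog names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the release named in the thread.
FIXED="2.8.4"

# Print the version string of the install rooted at $1 (empty if not found).
wp_version() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Succeed if dotted version $1 is older than $2 (missing fields count as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# Report every install found under directory $1 as OUTDATED, OK or UNKNOWN.
audit_wp() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        root=${f%/wp-includes/version.php}
        v=$(wp_version "$root")
        if [ -z "$v" ]; then echo "UNKNOWN $root"
        elif version_lt "$v" "$FIXED"; then echo "OUTDATED $v $root"
        else echo "OK $v $root"
        fi
    done
}

# Constructed sample tree (made-up blog names) for trying the audit offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    for pair in blog-a:2.8.2 blog-b:2.8.4 blog-c:2.7; do
        mkdir -p "$d/${pair%%:*}/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "${pair#*:}" \
            > "$d/${pair%%:*}/wp-includes/version.php"
    done
    echo "$d"
}

# Usage: sh audit.sh /path/to/webroot
[ "$#" -eq 0 ] || audit_wp "$1"
```

Any install reported as OUTDATED should be backed up (database and wp-content, as post #8 advises) and then upgraded.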
10-13-2009, 02:30 PM   #11   landon (Active Warrior)
How Do I upgrade my Wordpress Blog

Hi Everyone I just saw the threat about upgrading our wordpress blogs. But how do you do that? Don't you have to backup the blog posts first? I have never done that before, how serious is the threat? Thanks Dianne

10-13-2009, 02:34 PM   #12   Stephen Meyer (Senior Warrior Member)
Re: How Do I upgrade my Wordpress Blog

On your back office left column look for "upgrade". Click that and it will tell you if you need to. If you do, just click upgrade from there and select automatic. It will do it for you.


Quote:
Originally Posted by landon View Post
Hi Everyone I just saw the threat about upgrading our wordpress blogs. But how do you do that? Don't you have to backup the blog posts first? I have never done that before, how serious is the threat? Thanks Dianne

All times are GMT -6. The time now is 04:13 PM.