| | ||||||||
| |||||||||
 |
09-05-2009, 01:07 AM
| #1 |
| d'modulator War Room Member  Join Date: Aug 2004 Location: USA
Posts: 11,334
Thanks: 4,036
Thanked 1,665 Times in 1,176 Posts
|  Upgrade Wordpress to 2.8.4 - Security Threat
Don't know if you guys saw this in the main forum or not, but in speaking to my host it is a serious security threat. GO AND UPGRADE ANY VERSION PRIOR TO 2.8.4 Host4Profit has some security in place and has not seen any actual hacks, but did find some attempts. Better safe than sorry - Jeff Houdyshell might* help you if you can't do it yourself. (for a fee) http://www.wordpressmax.com/  http://www.warriorforum.com/main-int...p_referer.html Leads to explanation Wordpress MySQL Injection - Permalink hack %&({${eval(base64_decode($_SERVER[HTTP_REFERER] Here is another report of a previous attack. Help! My Blog Posts Now Have Weird Code on the URL From Wordpress.org WordPress 2.8.4: Security Release Posted August 12, 2009 by Matt. Filed under Releases, Security. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress. |
|
Patricia Brucoli, theaptconsultant-b2b/dba the3rdpartynetwork Member Services Director, Plug-In Profit Site Click Here for the Plug-In Profit Site Helpdesk * KEEP KEN STRONG WSO * * KIMW MEGA WSO * * KimW-Catastrophic Fund * | |
|  |
|
09-05-2009, 01:05 PM
| #2 |
| Senior Warrior Member War Room Member  Join Date: Oct 2007 Location: Northern Alberta , Canada.
Posts: 1,894
Blog Entries: 265 Thanks: 915
Thanked 292 Times in 221 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
Hi, Patricia: I don't have a WordPress blog (yet), but thanks for posting updates like these, whether WordPress or whatever. It's good to keep each other informed just in case we miss something posted elsewhere. GT  |
|
* Home Business Opportunities and Affiliate Resources * Submit Articles Free to this Popular Article Directory * Brand Yourself! – Social Networking for Internet Marketers * The Time Has Come To Unlock Your Potential - Accelerate your Success! * Follow Me On Twitter: gtbulmer | MyPowerSite | StarrBizzcom | |
| |
|
09-05-2009, 01:30 PM
| #3 |
| Freelance Proofreader War Room Member  Join Date: Aug 2008 Location: Pennsylvania, US
Posts: 1,566
Blog Entries: 2 Thanks: 56
Thanked 154 Times in 136 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
Thanks for bringing this to our attention, Pat. I've been putting off updating my blogs, but after reading this I'm going to go ahead and do it. I'm in the process of backing everything up now. Thanks! |
| AshMax - Earn $22,300 per month 100 days from now Work From Home Opportunities | Legitimate Work From Home Jobs Professional Proofreading and Editing Services Work From Home Resources Blog | |
|
| |
|
09-05-2009, 02:36 PM
| #4 |
| Graham Maddison War Room Member  Join Date: Aug 2008 Location: Luton, England
Posts: 954
Thanks: 223
Thanked 199 Times in 114 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
Thanks Pat, after reading your alert, I have now successfully updated all of my blogs (5 of em). I really appreciate the advice. Graham |
|
Are you looking for a business opportunity that’s property related? Well, the answer may be closer than you think – right on your doorstep perhaps. In fact, there’s money to be made anywhere you see a property for sale. Let me explain…  | |
|
| |
|
09-05-2009, 02:42 PM
| #5 |
| Freelance Proofreader War Room Member Join Date: Aug 2008 Location: Pennsylvania, US
Posts: 1,566
Blog Entries: 2 Thanks: 56
Thanked 154 Times in 136 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
I've now upgraded both of my blogs successfully.
|
| AshMax - Earn $22,300 per month 100 days from now Work From Home Opportunities | Legitimate Work From Home Jobs Professional Proofreading and Editing Services Work From Home Resources Blog | |
|
| |
|
09-05-2009, 04:18 PM
| #6 |
| HyperActive Warrior War Room Member  Join Date: Aug 2009 Location: Michigan
Posts: 115
Thanks: 69
Thanked 23 Times in 23 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
Saw this alert on Facebook where a friend posted this from Mashable: WordPress Attack Underway: WordPress Users Must Upgrade [ALERT] - WordPress Attack Underway: WordPress Users Must Upgrade [ALERT] I just upgraded 12 blogs. Luckily no problems but that was too close a call. Whew!! From now on I'm going to stay current on my Wordpress upgrades. Hope everyone at the forum sees this thread. |
| Color Me Social Techie sisterpreneurs helping time and tech challenged small business owners use social media and other online tools for growth and profit. | |
|
| |
|
09-05-2009, 06:43 PM
| #8 |
| Advanced Warrior  Join Date: Aug 2006 Location: The Midwest
Posts: 971
Thanks: 1
Thanked 63 Times in 52 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
Always backup the database and the wp-content folder before an upgrade. In fact you should have a backup strategy. I have never needed a backup personally but have had many people contact me with lost blogs who didn't. Backup the database on H4P: Backup WordPress Database This will show you how to backup the wp-content folder and more: Scheduled Backup Of Your WordPress Blog |
| | |
|
| |
|
09-11-2009, 03:40 AM
| #9 |
| Advanced Warrior War Room Member  | Re: Upgrade Wordpress to 2.8.4 - Security Threat
Hi Pat, Thanks for your update. But one question.. I have installed WP to my site just 2 days ago. Also I am yet to start posting any blog. is it still required to upgrade? Thanks Satya das |
| ARTICLES :- Article Writing & Article Marketing WEBSITE :- Minisite Developer & Designer AFFILIATE MARKETING :- Make Money as an Affiliate FORUM :- Make Money Online From Home | |
|
| |
|
09-11-2009, 06:39 AM
| #10 |
| Advanced Warrior Join Date: Aug 2006 Location: The Midwest
Posts: 971
Thanks: 1
Thanked 63 Times in 52 Posts
| Re: Upgrade Wordpress to 2.8.4 - Security Threat
Satya if you are not seeing a warning on the upper area of the WordPress dashboard then you have the latest version and don't need to upgrade. When you login to the main dashboard you should see what version you are using and the latest right now on 9/10/09 is WordPress 2.8.4
|
| | |
|
| |
|
10-13-2009, 02:30 PM
| #11 |
| Active Warrior  Join Date: May 2008 Location: , , .Greenville NC
Posts: 79
Thanks: 86
Thanked 3 Times in 3 Posts
|  How Do I upgrade my Wordpress Blog
Hi Everyone I just saw the threat about upgrading our wordpress blogs. But how do you do that? Don't you have to backup the blog posts first? I have never done that before, how serious is the threat? Thanks Dianne
|
| http://www.onlinegreat.org Top Home Based Business http://www.onlinegreat.org/blog | |
|
| |
|
10-13-2009, 02:34 PM
| #12 | |
| Senior Warrior Member War Room Member  Join Date: Oct 2007 Location: Ada,OK , USA.
Posts: 1,479
Thanks: 83
Thanked 288 Times in 197 Posts
| Re: How Do I upgrade my Wordpress Blog
On you back office left column look for "upgrade". Click that and it will tell you if you need to. If you do just click upgrade from there and select automatic. It will do it for you. Quote:
| |
| | ||
|
| |
 |
|
| Tags |
| blog, security, threat, upgrade, wordpress |
| Thread Tools | |
| |
 |
