WordPress Exploit

Critical Announcement affecting ALL Wordpress users! Disable User Registration Now!

Hello WordPress Lovers,

According to Dr. Dave a grave security exploit has been found in all versions of WordPress.

If you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin > options: make sure “Anyone can register” is not checked).

Update:

WordPress 2.0.4 has been released which fixes this security issue:

WordPress 2.0.4, the latest stable release in our Duke series, is available for immediate download. This release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across the board.

Take Care,

Will

Tags: , , , , , , , , , , , , , , ,

WordPress 2.0.3 Released

WordPress 2.0.3 has been released!

Hello WordPress users,

WordPress 2.0.3 has now been publicly released! So what is new you ask?

  1. Small performance enhancements
  2. Movable Type / Typepad importer fix
  3. Enclosure (podcasting) fix
  4. The aforementioned security enhancements (nonces)

The latest in the stable 2.0 series, 2.0.3, is now available for download. This is a bug fix and security release, and is recommended for all WordPress users. In addition to an issue that was raised on Bugtraq a few days ago, we’ve also backported a number of security enhancements from 2.1 to further enhance and protect your blog.

Upgrading is fairly simple, just overwrite your old files with the latest from the download. When you go to your admin it will give you a link to update your database.

Listing of Bugs Fixed in WordPress 2.0.3

Enjoy,

Will

Tags: , , , ,

Lyceum 0.31 Released

Lyceum 0.31 has been released – A multi-user WordPress application

Hello Multi-User WordPress Wanna Be’s,

Lyceum 0.31 has been released. Go get it! As I mentioned before, this is a special release for Lyceum, because beyond this point, all future point releases will include upgrade scripts and documentation. Administrators can now feel confident about designing a Lyceum deployment without having to worry about difficult upgrades in the future.

Developed by ibiblio.org, Lyceum is a stand-alone multi-user blogging application, designed for the enterprise. Utilizing the fantastic, intuitive WordPress blogging engine at its core, Lyceum enables stand-alone, multi-user blog services for small and high-volume environments. Lyceum is GPL-licensed, under active development, and free to use.

To see Lyceum in action, head on over to their Demo Area .

Enjoy,

Will

Tags: , , , , , , , ,

Word Press 2.0.1 Released

Word Press 2.0.1 Released

Word Press 2.0.1 Has Been Released

All in all we’ve closed 114 bugs in the 2.0.1 release, which you’re welcome to check out if you’re curious about every fix.

To summarize:

  1. You can now specify an upload directory, and whether to use date-based storage or not.
  2. Caching has been fixed under certain PHP enviroments.
  3. Permalinks have been fixed for weird enviroments as well.
  4. XML-RPC uploading works.
  5. Compatibility with older versions of PHP.
  6. Several WYSIWYG fixes and cleanups.
  7. Imports now use much less memory.
  8. Now works with MySQL 5.0 in strict mode.

Download Word Press 2.0.1

Enjoy,

Will