Upgrade to Wordpress 2.3.3 Now!
I’ve been asked by some Blokesters if we should upgrade to Wordpress. Admittedly I was hesitant to do it because I had just moved over to Wordpress and got everything working great.
I was also concerned that it might knock out some of my plugins which I have been experimenting with. Like they say “if it ain’t broke… don’t fix it“. So I decided to put it off for awhile.
Well after reading some of the security warnings I’ve decided to take the plunge and upgrade, and so far (knock on wood) I’ve seen no problems.
WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs…
The security fix is easy. Just download the fixed version of xmlrpc.php and copy it over your existing “xmlrpc.php” file in your cPanel. The “xmlrpc.php” file can be found in the public_html/ folder in a normal Wordpress installation. Also, as always make a backup first before messing with your Wordpress files.
I contacted my blog host company Bluefur and within 5 minutes they completed the upgrade. I must say that I’m very impressed with their support and if you didn’t take advantage of their $10/year lifetime offer then you should have.
Hindsight is 20/20 eh?