It always seems to happen when I go on holiday! Wordpress 2.8.4 was released back on the 12th August and fixes another security bug that had been found. It was to do with bypassing the confirmation step of a password reset request. It’s not a biggy, as it just means someone possibly COULD request a password reset on your behalf. But all that would happen is that you would be emailed a new password.
Annoying but not too terrible.
It does, however, make me more glad that I don’t use the default admin account within Wordpress. One of the first things I do when I set up a new Wordpress site is to create another administrator and then demote the default admin down to a subscriber. This leaves the default admin account in the WP database but strips it of all its rights.
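The demotion described above, written out as an added example (this is not code from the original post). It is a one-off PHP snippet meant to be run from inside WordPress, for instance dropped temporarily into wp-content/mu-plugins/ and removed afterwards. The function name, the replacement username and the placeholder e-mail and password are my own assumptions; the WordPress calls used (get_user_by, username_exists, wp_insert_user, WP_User::set_role) are the standard ones.

```php
<?php
/**
 * Added example, not from the original post: demote the default "admin"
 * account to subscriber once a replacement administrator exists.
 *
 * Assumes WordPress is loaded (e.g. run as a temporary must-use plugin).
 * The username, e-mail and password below are placeholders you replace.
 */
function demote_default_admin( $new_login, $new_email, $new_password ) {
    // Nothing to do if there is no account literally called "admin".
    $old = get_user_by( 'login', 'admin' );
    if ( ! $old ) {
        return new WP_Error( 'no_admin', 'No user named "admin" exists.' );
    }

    // Create the replacement administrator FIRST, so that at every point
    // there is at least one working admin and you cannot lock yourself out.
    $new_id = username_exists( $new_login );
    if ( ! $new_id ) {
        $new_id = wp_insert_user( array(
            'user_login' => $new_login,
            'user_email' => $new_email,
            'user_pass'  => $new_password,
            'role'       => 'administrator',
        ) );
        if ( is_wp_error( $new_id ) ) {
            return $new_id; // e.g. e-mail already in use
        }
    }

    // Verify the replacement really is an administrator before touching
    // the old account (it may have pre-existed with a lesser role).
    $new = new WP_User( $new_id );
    if ( ! in_array( 'administrator', (array) $new->roles, true ) ) {
        return new WP_Error( 'not_admin', $new_login . ' is not an administrator; aborting.' );
    }

    // Only now strip the default account's capabilities. The row stays in
    // wp_users, so existing posts keep their author, but the account can
    // no longer do anything beyond what a subscriber can.
    $old->set_role( 'subscriber' );

    return $new_id;
}

// Example call with placeholder values; change them before running.
$result = demote_default_admin(
    'siteowner',                        // assumed replacement username
    'owner@example.com',                // assumed e-mail
    'CHANGE-ME-to-a-long-passphrase'    // assumed password
);
if ( is_wp_error( $result ) ) {
    error_log( 'demote_default_admin failed: ' . $result->get_error_message() );
}
```

Two caveats a practitioner would want: the order matters (create and verify the new administrator before demoting the old one), and the demoted "admin" login still exists, so a guessed password for it still yields a subscriber session. That is far less damaging than an administrator session, but it is a reason to give that account a strong password as well rather than treat it as harmless.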
I’ve never had any security issues with Wordpress sites, except once when the St John’s site was hacked by Iskorpitx, although as far as I can tell that was down to a weakness in cPanel rather than Wordpress. Still, it is better to be safe than sorry. There are a few plugins around that make your install more secure. You can find most of them through the Wordpress plugins directory, but the main one is “Secure Wordpress”, which offers quite a few little changes (such as removing the error message from the login page, removing information about the version of WP you are using, etc.) that all add up to a more secure install of WP.
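Two of the small changes mentioned above, written as an added example in the form of a must-use plugin (drop the file into wp-content/mu-plugins/). This is my own illustration and not the code of the “Secure Wordpress” plugin; the plugin header text and function names are assumptions, while the hooks used (login_errors, wp_head/wp_generator, the_generator) are the standard WordPress ones.

```php
<?php
/**
 * Plugin Name: Hide Login Errors and Version (added example)
 *
 * Not the "Secure Wordpress" plugin's code: an illustration of two of the
 * changes the post mentions. Assumes a standard WordPress install.
 */

// 1. Replace the specific login error (which distinguishes an unknown
//    username from a wrong password) with one generic message, so the
//    login form no longer confirms which usernames exist.
add_filter( 'login_errors', 'hle_generic_login_error' );
function hle_generic_login_error( $error ) {
    return 'Login failed. Please check your username and password.';
}

// 2. Stop advertising the exact WordPress version: remove the
//    <meta name="generator" ...> tag from the page head and blank the
//    generator string that would otherwise appear in feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', 'hle_empty_generator' );
function hle_empty_generator( $generator ) {
    return '';
}
```

Worth knowing: hiding the generator tag only removes the most obvious banner. The version can often still be inferred from other places (readme.html, the ?ver= query strings WordPress appends to its scripts and stylesheets), so treat this as reducing noise for casual scanners, not as a substitute for actually updating.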
The best way to keep your Wordpress install safe is to stay up to date with the releases, which is what makes the automatic update feature so useful. And while I’m talking about updating Wordpress, it doesn’t sound as if version 2.9 is too far away. The biggest development seems to be aimed at the multimedia side of things: Rudolf Lai has been working on implementing photo albums within Wordpress as part of Google’s Summer of Code, which is almost over. Other media features are being looked at too, such as basic image editing and an update to the way media is embedded within WP. Another change due is the move to requiring MySQL 4.1.2 instead of 4.0, which is around five years old now!
I’m already looking forward to it. I also read that version 3.0 (also due sometime in 2010, as Wordpress has adopted a regular 3 to 4 month release schedule) may merge Wordpress and Wordpress MU into a single product, although that information only comes from a comment and I’ve not heard any more about it yet.
Just going back to the secure Wordpress thing again: Matt (of Wordpress fame) posted an article on the best way of keeping Wordpress secure a couple of weeks back.