Category: WordPress News

WordPress Security Updates

Good catch: "WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts." Does this sound familiar if you have been following WordPress updates for a while?

Well, I found that most security patches are related to users with a certain access level. We do not give Contributor-level or higher access to any users unless it is really necessary, or the user is someone you can trust to a certain extent.

Of course, whenever possible, we should upgrade our WordPress as soon as the new security release is available. For this reason, we found that Lunarpages hosting is great, as their setting allows you to do a "one-click upgrade" from the WordPress Dashboard | Updates. For VPS hosting such as Linode or Slicehost, you need to change the owner of the WordPress installation folder to www-data to enable the "one-click" upgrade, but if you are not familiar with Linux, the process could be a bit tricky. What I mean is, in order to do the automatic WordPress upgrade without FTP, we need to make the files and folders writable by the Web server. It is the same requirement for installing plugins without FTP and writing config files.

For example, if your WordPress is installed in /var/www/wordpress, the basic Linux command is

    chown -R www-data /var/www/wordpress

However, some people are also concerned about another security issue caused by this setup if there are other sites (owned by different people) sharing the same Web server.

Well, if you want convenience, you sacrifice some security in exchange. If you do want more security, don't share your Web server with others, which means you need to pay more. It is like sharing the same house or room with your schoolmates.
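
To see what the ownership change leaves exposed on a shared machine, the following script audits a WordPress tree for the points discussed above. It is an added example, not part of the original post; the function names are hypothetical and it runs against a constructed sample tree in a temporary directory, so it needs neither root nor a real site.

```shell
#!/bin/sh
# Added example: audit a WordPress tree handed to the web server account.
# All function names are hypothetical; the sample tree below is constructed.

# List entries NOT owned by the given account (name or numeric id); the
# dashboard upgrade cannot replace these without FTP credentials.
wp_not_owned_by() {    # usage: wp_not_owned_by ROOT USER
    find "$1" ! -user "$2" -print
}

# List files and directories writable by "other", i.e. by every local
# account on a shared server.
wp_world_writable() {  # usage: wp_world_writable ROOT
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Succeed if wp-config.php (it holds the database password) is readable
# or writable by "other".
wp_config_exposed() {  # usage: wp_config_exposed ROOT
    [ -n "$(find "$1/wp-config.php" \( -perm -0004 -o -perm -0002 \) -print 2>/dev/null)" ]
}

# Remove all "other" access and lock wp-config.php to its owner.
# This does not isolate sites served by the same web server account.
wp_tighten() {         # usage: wp_tighten ROOT
    chmod -R o-rwx "$1" && chmod 600 "$1/wp-config.php"
}

# Constructed sample tree so the script runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
echo '<?php // constructed sample' > "$demo/wp-config.php"
chmod 755 "$demo/wp-content"
chmod 777 "$demo/wp-content/uploads"
chmod 644 "$demo/wp-config.php"

echo "Not owned by uid $(id -u):"; wp_not_owned_by "$demo" "$(id -u)"
echo "World-writable:";            wp_world_writable "$demo"
wp_config_exposed "$demo" && echo "wp-config.php is exposed to other users"
wp_tighten "$demo"
wp_config_exposed "$demo" || echo "wp-config.php is now owner-only"
rm -rf "$demo"
```

On a real server, pass /var/www/wordpress and www-data to the functions instead of the sample tree and the current user id.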

WordPress 3.1 Is Here!

WordPress 3.1 was released on Feb. 22nd, 2011 (some said it was the 23rd, but Matt Mullenweg's blog announced it on Feb. 22nd). This version is named "Reinhardt" in honor of the jazz guitarist Django Reinhardt.

Notable New Features of WordPress 3.1

Here are some new features in the spotlight:
1. a lightning fast redesigned linking workflow: It enables you to link to your existing posts and pages. They call this feature "Internal Linking".
2. a new Admin bar in the front end when you are logged in and viewing the site. It lets you click to your most-used dashboard pages quickly.
3. a streamlined writing interface: to hide many of the seldom-used panels by default so you see a cleaner screen when composing.

There are other great new features for developers: new Post Format support (Standard, Gallery, Aside, Image, Video, etc.), new CMS capabilities, a new Network Admin with an import and export system, and the ability to perform advanced taxonomy and custom fields queries.

In Matt's words: "With the 3.1 release, WordPress is more of a CMS than ever before."