WordPress Releases Another Critical Security Update!

Barely three weeks ago the WordPress development team released two important security updates and today they have released another and likely the most critical of the three.

Matt Mullenweg, WordPress Founder sent this out as a message this morning:

Message From: Matt Mullenweg, WordPress Founder

First off, happy holidays. I hope this time of the year, chilly for many of you, has given you time to enjoy family, friends, and loved ones and reflect on the year before and the year to come.

My last message to you this year is an important but unfortunate one: we’ve fixed a pretty critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible.

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

You can update in your dashboard, on the “updates” tab, or download the latest WordPress here:

http://wordpress.org/download/

The official release announcement is here:

http://wp.me/pZhYe-qt

Merry WordPressing in 2011,

–
Matt Mullenweg

Generally speaking there is always the recommendation to wait ONE (and only ONE) week after a any update release to push an upgrade.

It’s preferable to wait no more than a couple days on a security upgrade because that means the vulnerability is known to everyone and you become sitting duck.

However, in this case, the nature of this particular exploit would make it wise to do your backup and get this done NOW.

Before you ever upgrade your site be sure you have a backup of both your database AND your contents (if you’re doing this by plugins that often means two separate plugins).

There are a couple different solutions for backing up, but for those nervous of doing an upgrade from there, my preferred method of backing up WordPress from within the dashboard via plugins is found here.

The one-click upgrade that is now built into WordPress generally works well particularly for these incremental updates.

However, when you start doing major version updates such as when 3.1 is released (soonish), there are ways that you can upgrade WordPress with less risk that might interest you.

It is important that you get comfortable with doing backups and upgrades on your self-hosted WordPress blog as they are a way of life.

Skipping an upgrade unless its a purely cosmetic or feature change upgrade (which the larger numbers never are only) dramatically increases your risk of code injection exploits, hacking or misuse of your site in some form or fashion.

Have fun, play safe and give me a shout if you have any questions at all!

Kimberly Castleberry

PS: The letter from Matt should convey the sense of urgency – as a letter like that is not usually sent.

PSS: Would someone please find the noobs that are beating on our beloved WordPress code and tell them to knock it off?!?! Thank you to the WordPress team for working even during the holidays to ensure that we are safe!

I have some great news to share with our members. Last night I was able to restore the wordpress database tables and the blog is now back to it’s proper state.

I got all the comments in from yesterday but if I did miss any simply let me know and I can still add them back. All comments that were once assumed lost have been restored to their original state.

Apparently I had taken a back up on November 2nd but I completely forgot because it downloaded into a folder I don’t normally download into. Also to be completely fair I was sort of in panic mode when that software script deleted the existing database tables.

I know many of our guest blogging contestants will be happy to hear the news that all their comments to date have been restored and things are the way they naturally should be.

Ironically I was looking in my downloads folder for something and there sat the blogengage sql file stating the last modified date was Nov 2nd. I inserted it into a local database and to my surprise it was from Nov 2nd 2010.

I took everything that happened on Nov 3rd including comments etc and added it into the database so now were all caught up and back to normal. What a way to end the week on a positive note.

If your visiting our blog today please take a moment and comment, engage and tweet some of our guest blogger articles.

Submitted Articles

Guest Article – The Rebirth of SEO

By Benin – Contest Article

Guest Article – 5 Simple Ways to Increase RSS Subscriptions

By Jaleesa Dorsey– Contest Article

Guest Article – 15 Ways to Get More Comments on Your Blog

By Gloson – Contest Article

Guest Article – How To Get Fast Index And Rank For A Brand New Blog?

By Latief – Contest Article

Guest Article – A Picture Is Worth A Hundred Words

By Karen aka Blazing Minds – Contest Article

Guest Article – 7 Solid Reasons Why You Are Not Getting Blog Comments And How Can You Get More?

By Lee Ka Hoong – Contest Article

Guest Article – How to Add Real Time User Stats and Analytics Code To Your WordPress Dashboard

By Nate Balcom – Contest Article

Guest Article – Blogging is building a community

By Dave Lucas – Contest Article

Guest Article – Successful Blogging requires a plan! A big plan.

By Daniel Snyder – Contest Article

Guest Article – 10 Ways To Win This Guest Blogging Contest! READ THIS!

By Felix – Contest Article

Guest Article – Doc Says: Boosting Traffic to your Blog

By Doc Sheldon – Contest Article

Guest Article – The Truth About Making Money Online

By Kristi – Are You In It To Win It?

Guest Article – Gauging the Value of Article Submission Directories

By Dragon Blogger- BlogEngage $1000 Cash Contest

Guest Article – Doc Says: Ten Tested Cures for Writer’s Block

By Doc Sheldon – Contest Article

Guest Article – Doc Says: Crafting an Effective Title for Your Blog Post

By Doc Sheldon – Contest Article

Guest Article – The Importance of Networking

By Jimi Jones – Contest Article

Guest Article – Before we were bloggers…

By Rich Wallace – Contest Article

Guest Article – The Complete Guide To Make Money Blogging For Free!

By Felix – Contest Article

Guest Article – The Real Key to Blogging Success

By jeevanjacobjoh – Contest Article

Guest Article – How To Drive Consistent Traffic to Your Blog

By Melvin – Contest Article

Guest Article – Content VS Marketing VS SEO: Which Is The Real King?

By Felix – Contest Article

Guest Article – Doc Says: So You Want to be a Blogger?

By Doc Sheldon – Contest Article

Guest Article – Blogging Is…

By Benin – Contest Article

Guest Article – Doc Says: How to Build an Active Reader Base

By Doc Sheldon – Contest Article

Guest Article – Doc Says: How to Handle Trolls and Spammers

By Doc Sheldon – Contest Article

<a href="http://www.blogengage.com"><img src="http://www.blogengage.com/images/blog_engage_promo_1.jpg" alt="Blog Engage Blog Forum and Blogging Community, Free Blog Submissions and Blog Traffic, Blog Directory, Article Submissions, Blog Traffic"></a>

Be sure to add me as a friend, bbrian017

Twitter, bbrian017

Thanks,

Brian

Good day everyone! I have a few things I would like to discuss with you regarding the blogengage main site. I have recently added an images upload module which will allow you too add an image with your blog article submissions. This would be a great way to promote yourself and gather that little bit more attention we all so desire to our blog sites.. Being creative and unique will help generate the most traffic in the long run. Trust me people always click links when an image makes them focus or pay more attention to an article. Read this article but pretend whojaybe is referring to images when submitting to social networking websites instead of having an avatar.

Our first weekly Top Engaged member was awarded their prize last Thursday and a big congratulations goes out to them. It seems I made a mistake to when the week ends on the main site so we might be changing the day the winner is awarded. Keep visiting the blog for more updates regarding that.

Adding comments on the main site doesn’t appear to be working. I have placed a support request with the pligg community and I hope we can fix this ASAP. For the time being lets take advantage of this and Engage with other bloggers at their blog even more then before.

You may have noticed I lowered the amount of votes needed to hit the published pages! It’s currently at 5 and this will increase when the site picks up some and members start voting more often!

Due to the Weekly, Monthly and Yearly competition we can no longer offer free spots on the featured blog spot when first visiting blog engage. this wouldn’t be fair to a members trying to win the competition and never getting featured! So for the time being you will continue to see blog posts from our blog engage blog there! Keep in mind when voting for the blog engage blog we will not be counted in the Weekly Monthly or Yearly Top Engaged competition.

Top members images links will be removed form the header on the main site but still left in the sidebar! This is for slow loading reasons and it’s too much work to do manually! I’m sorry but I just don’t have the time to make it fair!

The forums are doing great! We are starting to have many conversations inside them and they continue to grow daily! We offer forums signature links and personalized blogging areas to update members on activities, contest and any other news you may have regarding your blogs.

Lets continue to work hard at making Blog Engage an awesome community and like I mentioned the comments issue is at my top priority! I’m sorry for the inconvenience this may be causing anyone who wished to comment on a submission but remember this is a great opportunity to go and reply on their blogs!

Thanks,

Brian B