Free WordPress Security Mini Course

Comments   |   WordPress Updates

WordPress Updates to 3.0.5

If you follow the instructions on this Stop WP Hackers blog, you know that we strongly recommend you keep your wordpress website updated to the latest version of wordpress. On February 7, 2011, WordPress made the following announcement:

WordPress 3.0.5 was released to the public. This is a security update for all previous WordPress versions.

Short and sweet. You should either log into your host and use your Fantastico or SimpleScripts to update. Or log into your website and click the update link at the top to automatically update your website. Your website will automatically go into Maintenance mode for a few shorts moments and then everything should be fine.

Of course, we always recommend you test the update on a server or on a dummy site first. It’s not wise to just jump straight to updates on a site you care about in case the update breaks something. In our case, we did not have any trouble updating sites with this 3.0.5 update. But regardless of how confident you are feeling about updates, you should still make sure your site has a proper backup before you do anything.

This 3.0.5 update is a maintenance and security update that addresses 2 vulnerabilities. These vulnerabilities could have allowed a Contributor- or Author-level user to gain further access to the site. An information disclosure issue has also been fixed that allowed Author-level users to view the contents of posts which they should not be able to see, such as draft and private posts.

WordPress 3.0.5 features the addition of two new security enhancements, the first of which improves the security of plugins which were not properly utilising the platform’s security API. The other provides better defence against a vulnerability that was fixed in the previous version.

Leave a Reply