
WordPress Version 3.1.3 Fixes Security Holes

We notify you every time WordPress updates because we believe it’s important to keep your website upgraded. WordPress often makes major changes to the backend design and the code, but more importantly, they make lots of minor updates like this 3.1.3 update that fix security issues.

The interesting thing to note with this update is that WordPress has already scheduled 3.2 for release in just about a month. So they felt these security holes were a big enough problem to justify a minor update just a few weeks before that release.

For all you tech-savvy users, here’s a summary of what was changed:

  • Various security hardening by Alexander Concha.
  • Taxonomy query hardening by John Lamansky.
  • Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
  • Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
  • Improves file upload security on hosts with dangerous security settings.
  • Cleans up old WordPress import files if the import does not finish.
  • Introduce “clickjacking” protection in modern browsers on admin and login pages.
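
Clickjacking protection of this kind is delivered through the `X-Frame-Options` response header or, in newer browsers, the CSP `frame-ancestors` directive. The sketch below is an added example, not code from WordPress or from the release notes: it classifies the framing protection of a response from its headers so you can confirm your admin and login pages are covered after upgrading. The function names, the rating labels and the sample responses (including the two plugin paths) are assumptions made up for the illustration.

```python
# Added example: classify the framing (clickjacking) protection a response offers.

RANK = {"none": 0, "allowlist": 1, "same-origin": 2, "blocked": 3}

def _values(headers, name):
    """All values of a header; names are matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]

def _from_csp(policy):
    """Rating for one CSP header value, or None if it has no frame-ancestors."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if "*" in sources:
                return "none"
            if not sources or sources == ["'none'"]:
                return "blocked"
            return "same-origin" if sources == ["'self'"] else "allowlist"
    return None

def _from_xfo(value):
    """Rating for one X-Frame-Options value; obsolete ALLOW-FROM counts as none."""
    return {"deny": "blocked", "sameorigin": "same-origin"}.get(value.strip().lower(), "none")

def framing_protection(headers):
    """Classify a response given as a list of (name, value) header pairs."""
    csp = [r for r in map(_from_csp, _values(headers, "Content-Security-Policy")) if r]
    if csp:
        # Browsers that support frame-ancestors ignore X-Frame-Options when it is
        # present; every policy is enforced, so the strictest one decides.
        return max(csp, key=RANK.get)
    xfo = [_from_xfo(v) for v in _values(headers, "X-Frame-Options")]
    return max(xfo, key=RANK.get) if xfo else "none"

def audit(pages):
    """Return the pages whose protection is weaker than same-origin."""
    levels = {path: framing_protection(h) for path, h in pages.items()}
    return {p: lvl for p, lvl in levels.items() if RANK[lvl] < RANK["same-origin"]}

SAMPLE_PAGES = {  # constructed responses, not captured from a real site
    "/wp-login.php": [("X-Frame-Options", "SAMEORIGIN")],
    "/wp-admin/": [("content-security-policy", "default-src 'self'; frame-ancestors 'none'")],
    "/wp-admin/plugin-a.php": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "/wp-admin/plugin-b.php": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    print(audit(SAMPLE_PAGES))
```

To use it against your own site, feed it the header pairs from a response to each admin or login URL; anything it returns can still be framed by a third-party page.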

You can read the full release notes here (including what files were updated in the code): http://codex.wordpress.org/Version_3.1.3
