On the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. Don’t pause to grab a cup of coffee. If you’re just waking up then rub the sleep from your eyes and jump to the download page and grab WordPress 2.1.2.
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
Users running from svn code aren’t affected, but then you probably already knew that already didn’t you? You should be subscribed to Hackers and Testers lists.
Don’t worry if you’re running a WordPress MU site. That isn’t affected, although you should upgrade to the latest 1.1.1 release as that fixes a number of problems with 1.0 as well as merging in some security fixes from WordPress core.
WordPress.com users have nothing to worry about.
20 thoughts on “You didn't hear? Upgrade now!”
Even made slashdot too!
Why can Microsoft not patch holes this quickly?!
done… people is really caring about this topic.
so nice ^_^
Even with an upgrade, delete the old files first. It will keep your blood pressure down.
InsiderOuter – Because of Microsoft management. Microsoft is in a completely different field and dealing with way more people than WordPress, and management thinks as long as majority of the people are satisfied, it is ok to take things slow to be on the safe side. 🙂
how can ye let this happen?
Hi Donnacha, maybe a stupid question but I’ll ask anyway, I upgraded to 2.1, but have not gone up to 2.1.1 yet am I still in the shit? I haven’t got access to broadband or a decent connection for another 2 weeks, downside of being on a ship, what could happen?
Cheers Tim (a worried sailor blogger)
Michael – sometimes bad things happen in the world. It would be infinitely worse if we sat on it, released a new version and didn’t make a huge fuss about it. Aren’t disclosure and open source great?
Tim – the malicious code inserted into the hacked version of the zip file won’t be on your system but there were other bug fixes that made 2.1.1 a necessary upgrade.
If you can find the time, upgrade your host just in case. Can you ssh? or will you be ftping files up from your slow location? If you can ssh into your host you can wget the file from there, so it won’t matter how slow your connection is!
Go raibh maith agat! Cheers Tim
I had updated a while ago, so wasn’t affected, but it was a good excuse to update anyway 😉
I wonder who HASN’T heard so far…although I’ve seen some very old WP installs out there, I’m talking v1.xx
This only concerns the users who downloaded 2.1.1 from the website in the past few days. The code was inserted about 4-5 days ago so if you downloaded it before that you should not be affected. Anyhow better safe than sorry so you should download and install asap.
Good to know! I’ll upgrade now, oh and can you tell me where I can download your theme??