WordPress MU 2.8.4

WordPress MU is a multi user or multi blog version of WordPress that is used to run sites like WordPress.com.

Today’s WordPress MU release is 2.8.4, a security release that fixes an annoying bug that allowed any user to reset the admin password. Your password was never at risk however so it’s more an annoyance than anything else.

Oh, thanks to everyone who tested the exploit on my blog. See? You didn’t get my password! 😛

Upgrade automatically from within your dashboard (first fix the upgrader if you haven’t updated to 2.8.3 yet), or download the new release from the download page and upgrade manually, overwriting your current install with the new files.

Edit: James Collins noticed that line 164 of wp-login.php wasn’t merged properly. If you downloaded 2.8.4, please grab 2.8.4a. Thanks James for the prompt feedback!

Author: Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

28 thoughts on “WordPress MU 2.8.4”

  1. Minor bug. 😀

    Thanks for the quick 2.8.4a. I saw the announcement last night, but I’ve learned to wait a little bit to see if it was a clean merge or not.

  2. Donncha, Thanks for the quick update. I received an email from one of my blogs (not MU) asking for a password reset. I ignored it. The bug is harmless, but it is annoying. Thanks.

  3. Thanks for the update.

    When I log into my admin area, at the bottom of the page, on the left hand side it says: Thank you for creating with WordPress MU 2.8.4a.

    However, on the same line, on the right hand side, it says:

    You are using a development version (2.8.4). Cool! Please stay updated and links to download the latest version.


    In the actual blog the generator is:

    What gives? Do I or do I not have 2.8.4a?


    1. Vikram – you’re using 2.8.4a, sorry for the confusion. The “You are using a development version” message should disappear next time your site checks the version number today.
      Unfortunately the footer will say 2.8.4 on the right but that’s incorrect. The version number on the left is correct.

  4. Hi, I have an upgrade question that’s been bothering me, as a mere mortal in the world of software installation.

    My website is currently running WordPress MU 2.6.5. I would like to upgrade to 2.8.4a. Can I just do a single upgrade, or do I have to upgrade to 2.7, then 2.8.1, etc.?

    Your instructions are generally very clear, thanks so much, and I hope you can help me out with figuring this one out.

  5. Hi Donnacha,

    Quick question, is there a simple mailing list one can subscribe to, so I can get an email when a new version/update of WP or WPMU appears? (I’ve looked. I dont have a wordpress account.) I was hoping of a nice quite mailing list I can join.


  6. what are the chances that WordPress MU will be scrapped, Matt has been speaking of some sort of merger of wordpress standard and MU?

    1. Technically speaking, it’s not being scrapped at all. In one sense, it means MU is becoming the standard, as of the merger.

      What I’d like to know is what they plan on doing with mu.wordpress.org, and more importantly the forums. Are they going to be merged? Are we going to have to mingle with all those old-time stand-aloners? Must we bump elbows now? *shudder* I heard they make their martini’s with vodka instead of gin.

  7. Hey NICE WORK keep it up..Learning tits and bits of WordPress hope to contribute in this amazing work soon.
    I have a question regarding timthumb.Usually when we use tithumb it points the themes folder in the blog directory.
    But as in WPMU the blog directory is different how can we use the timthumb script situated at the themes folder.
    It is the basic consideration for pulling the post thumbnails.


    1. I also ran into this problem, here is my workaround:

      <img src="/wp-content/themes/themename/thumb.php?src=http://example.com/wp-content/blogs.dir//ID, “image”, $single = true); ?>&h=57&w=100&zc=1&q=95″ alt=”” />


  8. Donncha,
    Does this attack that is going round at the moment affect earlier versions of WordPress MU? Since keeping MU totally up to date can be a bit tricky I’m wondering if this affects 2.7 users etc.

Leave a Reply