Peter Westwood on October 20, released WordPress V 2.8.5, and termed it the “Hardening Release”. Hardening Release means more preventive measures have been taken to secure WordPress.
Worthy of note though is an issue that was addressed dealing with a trackback spam denial of service attack which was discussed on the WP-Hackers mailing list the other day. This exploit takes advantage of the WP-Trackback.php file which would exhaust a servers resources when used. This problem is specifically addressed in the Hardening Release. This release also cover up some bug fixes.
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
Peter Westwood, recommends web masters to check out the WordPress Exploit Scanner, through which you can scan if your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit.
Saw this update Yesterday and the first thing which I did
was Backup my Db and updated the wordpress. Though wordpress are releasing very quick update..
thanx for the tip for the newbies harsh. But the WordPress automatic upgrade plugin is quite good for those who dont have much knowledge about backing up their database and cpanel stuffs