Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
May 25, 2012, 11:08:59 AM

Poll
Question: Are you fully updated?
WP update - 0 (0%)
WP security update - 0 (0%)
Total Voters: 0

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Critical Word Press security update!  (Read 3331 times)
t0ny
Support Supervisor
Space Explorer
*****
Offline Offline

Posts: 6
« on: January 03, 2011, 02:09:17 PM »
Hello,

If your WP site is not fully updated to 3.0.4 then please do so.  From what wordpress just announced not to long ago this update is critical.  For more information please visit http://wordpress.org/news/2010/12/3-0-4-update/  Thumbs Up

WordPress News

3.0.4 Important Security Update
Posted December 29, 2010 by Matt Mullenweg. Filed under Releases,Security.

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
Logged
Malin Cenusa
Support
Pong! (the videogame) Master
*****
Offline Offline

Posts: 21


WWW
« Reply #1 on: June 18, 2011, 03:21:38 PM »
WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements:

Various security hardening by Alexander Concha.
Taxonomy query hardening by John Lamansky.
Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
Improves file upload security on hosts with dangerous security settings.
Cleans up old WordPress import files if the import does not finish.
Introduce “clickjacking” protection in modern browsers on admin and login pages.
Consult the change log for more details.

Download WordPress 3.1.3 or update automatically from the Dashboard → Updates menu in your site’s admin area.
Logged
scanman20
Senior Moderator
Über Jedi
*****
Offline Offline

Posts: 1524



WWW
« Reply #2 on: June 18, 2011, 07:11:34 PM »
Didn't 3.1.3 come out over three weeks ago?
Logged
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP
sonuesco
Newbie
*
Offline Offline

Posts: 1
« Reply #3 on: July 14, 2011, 04:30:41 AM »
if our wp website is hacked what i do
« Last Edit: July 14, 2011, 01:50:35 PM by katrina1 » Logged
katrina1
Guest
« Reply #4 on: July 14, 2011, 01:53:00 PM »
See:

http://wiki.lunarpages.com/Web_Site_Security_Breaches
http://wiki.lunarpages.com/General_Web_Site_Security_Tips
http://wiki.lunarpages.com/Keeping_WordPress_Secure
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: