There has been a lot of press on the HeartBleed bug recently and it is scaring a lot of WordPress site owners/admins. Since we have a popular security plugin, we are getting a lot of questions about this. So, in this article I will explain what HeartBleed bug is and what you need to do on your WordPress site (if any).read more

As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence.  This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.

read more

In business, choosing a web hosting account can be a time-consuming process, but if you’re setting up a website, it’s just the beginning of the journey. Once you begin to develop your website and add content, your hosting account becomes a valuable business asset – one that is worth defending against malicious attacks and intrusion.

Here are five easy, practical ways to keep your hosting account secure as your website grows.read more

WordPress 3.3.2 is available now and is a security update for all previous versions.

Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.

WordPress 3.3.2 also addresses:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.

Not confident to update wordpress yourself? kimtown can do it for you! Visit the shoppe for this upgrade offer!


WordPress 3.4 Beta 3 also available

Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)

This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments andreporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!

Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use theWordPress Beta Tester plugin.

The latest and greatest version of the WordPress software — 3.3, named “Sonny” in honor of the great jazz saxophonist Sonny Stitt — is immediately available for download or update inside your WordPress dashboard.

WordPress has had over 65 million downloads since version 3.0 was released, and in this third major iteration we’ve added significant polish around the new user experience, navigation, uploading, and imports. Check out this short video that summarizes the things we think you’ll find are the cat’s pajamas:

Introducing WordPress 3.3 “Sonny”

Introducing WordPress 3.3 "Sonny"

For Users

Experienced users will appreciate the new drag-and-drop uploader, hover menus for the navigation, the new toolbar, improved co-editing support, and the new Tumblr importer. We’ve also been thinking a ton about what the WordPress experience is like for people completely new to the software. Version 3.3 has significant improvements there with pointer tips for new features included in each update, a friendly welcome message for first-time users, and revamped help tabs throughout the interface. Finally we’ve improved the dashboard experience on the iPad and other tablets with better touch support.

For Developers

There is a ton of candy for developers as well. I’d recommend starting your exploration with the new editor API, new jQuery version, better ways to hook into the help screens, more performant post-slug-only permalinks, and of course the entire list of improvements on the Codex and in Trac.

 

 

WordPress 3.3.1 Security and Maintenance Release

Posted January 3, 2012 by Ryan Boren. Filed under ReleasesSecurity.

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.

 

Make sure you are on the current version ALWAYS!! If you aren’t sure how to do this, we can do it for you! 

 

 

 

 

CREDITS
(Disclaimer: We do not carry credit for this post nor any of the photographs or documents; we are simply sharing information, you may not otherwise see, in accordance with the copyright laws and under a Creative Commons Attribution 3.0 License of the USA) {Original content from WordPress.org Posted December 12, 2011 by Matt Mullenweg. Filed under Releases.}

Hang With Us