Update Now!

This is a maintenance release that fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that also affected version 3.3.

Always stay up to date with WordPress as releases like this include security updates and if they issued a release it is important.

Click Here to download the latest version or update automatically through your dashboard.

WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements:

• Various security hardening.
  
• Taxonomy query hardening.
• Prevent sniffing out user names of non-authors by using canonical redirects.
• Media security fixes.
• Improved file upload security on hosts with dangerous security settings.
• Cleans up old WordPress import files if the import does not finish.
• Introduce “clickjacking” protection in modern browsers on admin and login pages.

Consult the change log for more details.

Download WordPress 3.1.3 or update automatically from your Dashboard.

A New WordPress Security Update is vaialable now!

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.  These issues only affect sites that have remote publishing enabled.

http://wordpress.org/news/2010/12/wordpress-3-0-3/

An update to WordPress bringing it to version 3.0.2 is available now  and you should update your WordPress websites.  This is a security update that fixes an exploit vulnerability.  This is considered a mandatory update so do it as soon as possible.

http://wordpress.org/news/2010/11/wordpress-3-0-2/

Spider or crawler robots that access your website are using your bandwidth.  Just like the real visitors that browse your site.

So, in the case of WordPress, they are also causing php calls to be made increasing your site’s CPU load and memory use.  This is all normal except when you see certain bots hitting your site a few hundred times a day.  In this case you may need to deny them access using your robots.txt file.  Hopefully they will follow the rules and leave you alone.  If they don’t you may need to ban them by IP address.  Try your robots.txt file first though and see what happens.  It usually works.

Here’s an example of  a robots.txt file disallowing access to a crawler.  Your robots.txt file should be in your website’s root directory and it is just a text file with something similar to the following.

#this one blocks all from the cgi-bin folder
User-agent: *
Disallow: /cgi-bin/

#this one blocks MJ12bot from all folders
User-agent: MJ12bot
Disallow: /

#this one blocks Yandex
User-agent: Yandex
Disallow: /

# This one keeps all robots out.
# User-agent: *
# Disallow: /

If you have a WordPress site, using a plugin like StatPress Reloaded will give you a list of spiders that are visiting your site and you can see how often they are crawling and what impact they have.

Another security issue has been discovered and patched. Upgrade your WordPress installations as soon as possible to avoid any possible problems. The issues deal with logged in users that have posting privileges so if this applies to your site upgrade automatically from the dashboard or download the new version 2.8.6 and upgrade manually.  As always, if you need any help just ask.

wordpress.org/development/2009/11/wordpress-2-8-6-security-release/

Although WordPress was made pretty secure with the release of version 2.8.4 this new version is called a “hardening release”.  It re-addresses the previous security issues and a couple of other things that needed tightening.  It is recomended that users upgrade to this version to be as secure as you can be.  Check out the article here and upgrade as soon as you can.  We did!!