Wordpress Version 2.0.3 Review
WordPress, the premier free open-source blogging utility, has gone through several upgrades in its life. Today it's one of the most popular blogging tools on the Internet; it's easy to use, powerful, and very versatile. It also has a very active base of skilled users who are eager to improve the product and to help out those who haven't tried it before. Though the Strayhorn 1.5 version is the favorite for many, it is not as stable or as secure as the newest version 2. The best part of the new version is the security patch; the new "nonce" security key reduces the chances of a malicious hacker finding a way into your admin panel. Besides the security patch, though, several minor bugs have been squashed with this version. Though a major upgrade to 2.1 is due out soon, the 2.
3 is something you should definitely download and install if only because of the security fixes, which were actually backported from the major upgrade files. In addition to the 2.3 install, you should be aware that some bugs have already been found, and that a plugin will need to be installed to repair those bugs. If you modify any of the files that this patch plugin fixes, you'll need to either merge the changes with the new files or make those changes manually once again. You can find these issues by running a diff to locate changes; if the only changes you find are your own, then you're fine, and otherwise you'll need to merge them manually into the new files. The short list of what WordPress 2.3 fixes includes: •Small performance enhancements •Movable Type / Typepad importer fix •Enclosure (podcasting) fix •The aforementioned security enhancements (nonces) One mostly annoying bug shipped with 2.
3 as well. It gives you an "Are You Sure?" dialog when you edit comments, and adds a backslash before each quotation mark in the post you're editing. Make certain to download the patch. What's Up With The Security Problem? The security problem seems minor, but the WordPress team is fixing it before it grows into something major. It's a bug that takes advantage of the cookie you download when you sign into WordPress. The cookie in question prevents anyone unauthorized from accessing your admin panel. It's tied to your user account, and verifies that you are the authorized administrator of the account you're working on. The bug that's being fixed is one that takes advantage of a sociological trick. If someone created a link or a form pointing to your WordPress admin account, they might possibly be able to trick you into clicking the link.
The nonce is unique to the specific WordPress install being used, the WordPress user logged in, the action, the object of the action, and the 24-hour time of the action. When any of these is changed, the nonce is no longer valid. All plugin authors will have to ensure the nonce is added to their forms and other interactive capabilities that may be affected. Upgrading from WordPress 2.2 to 2.3 As with any upgrade, the first thing you should do is back up everything: the files in your WordPress directory, the database plugin with any changes, and any data you have added should be backed up as well. In addition, it might be a good idea to do a second backup of your entire WordPress directory just in case something goes wrong with your install.