WordPress 2.6.2 Is Out: Care If You Have Open User Registration
Yet another version of WordPress is out. The official development blog just announced WordPress 2.6.2, which aims to fix an exploit of the open user registration feature.
In theory this is not a security hole, because all that a malicious user would be able to do is reset the passwords of other users (which is annoying but not critical). But coupled with another security bug, it looks like a talented guy could also predict the new passwords.
So the bottom line is: if you allow open registrations on your blog, upgrade. If you don’t, it is up to you.
On a side note to the WordPress team (if any of you read this blog, which I doubt…): how about scheduling the releases on a quarterly basis, unless a critical security exploit comes up? It might be me, but it looks like WordPress 2.6.1 was released 2 weeks ago.
Another idea would be an automatic, one-click upgrade integrated into WordPress.
24 Responses to “WordPress 2.6.2 Is Out: Care If You Have Open User Registration”
I will only upgrade my WP when a major version or a critical bug fix is out. It consumes a lot of time if you (me) want to upgrade 5 blogs at once.
Dan @ PowerDosh.com
It’s also apparent that their testing process is not that great. They seem to have a high degree of reactive development releases.
There is a wordpress automatic upgrade plugin which you can use to ease the pain a bit.
I hadn’t even updated to 2.6.1 since the update wasn’t recommended but I think I’ll upgrade to this one soon, even though I don’t have open user registrations.
Yes, I allow Open Registrations, So I figured Why not I guess? I also have the Automatic WordPress Installation plugin which makes it a breeze to do.
But Yes that would be sweet if WordPress could do some kind of a One click integrator that ONLY updates the files it needs for current WordPress users.
Dan @ PowerDosh.com
Thinking about it, there’s potential for someone to write a tool that allows you to easily update all of your wordpress installs from your desktop.
Oh.. I’m really tired of this… Seems we need to upgrade WP every week… OOps 🙂
Wrt your last sentence,
there is a plugin to do the needful.
Ya, getting WordPress to upgrade as seamlessly as the plug-ins do now would be really sweet.
What I’ve just recently is the wordpress-automatic-upgrade plugin. It lets your installation upgrade automatically, and though it’s not as smooth as it could be, it sure beats opening up the FTP client.
Ummm…really basic question but what is “open registration” and where do I find it to change it if I wanted to? Thanks!!
p.s. There’s an automatic WP upgrade plug-in?
I’ll be holding off. I just upgraded to 2.6.1 a few days ago. They definitely need a release schedule, except for critical security issues.
One click upgrade would be quite helpful.
I tried the plugin which is supposed to incorporate one click feature but got error during the install.
You should all check out SVN installs and upgrades. Basically, just copy the line to upgrade via SVN, paste it in your terminal and BAM, wordpress is updated!
Really quite painless and quick.
Also, wordpress team, keep those updates coming! I’d rather get too many releases (which we can ignore) rather than too few!
Holding off until 2.7 unless absolutely necessary. Everyday I see the upgrade prompt and every day I resist the urge to click.
Qutting The Day Job
Not going to upgrade just yet.
Last upgrade was a bit painful when several plug-ins quit working and had to be abandoned or tweaked.
I’ll wait for a major upgrade but an auto upgrade (non-plugin) sure would be nice….with a backup feature of course.
WordPress seems to be developed by a bunch of amateurs
they need to hire some real developers
I think your last point is absolutely dead on. I hate the fact that my hosting provider does not always pick up the latest WordPress update in order to offer a quick (safe?) way to upgrade a WP site from the Admin Panel within their own system. This allows people like me who are afraid to screw stuff up manually doing it a chance to stay current as well.
WP has implemented the plugin update feature right into WP, I don’t see why they couldn’t make at least SOME of the smaller WP updates available at a click from within WP’s admin area.
As a non techie, I say no thank you at least for now. The version I currently have has been a PITA for me as it is (at least getting it on my site). If I had some help, maybe. 🙂
@Lilla, open registration is when you enable a WordPress feature that allows any visitor to create a user account on your blog.
By default this is not activated.
I have upgrade phobia. The last 5 minute install took me 5 days to fix and get back to where I started. WP 2.5.1 won’t allow me to post at a future date, (sends my post into never never land) so I would like to upgrade. I will try the plug in.
I haven’t as yet upgraded any of my blogs and some are still working on 2.5 or thereabouts. Just worried that it may not go as smoothly as I would like.
So what, you’re saying that you’d rather they wait a few months for their release, giving hackers more time to exploit a problem in the code? Because that’s what a quarterly release-type situation would lead to…
i agree with #13,
WP2.6.2 may be not necessary for update now! 2.7
thank for your kindness. i love your theme so much.
For incremental upgrades, do you need to install 2.6.1 prior to 2.6.2 or for major releases, do you need to go from 2.5 to 2.6 then to 2.6.2? Can you go to 2.6.2 from 2.5 since it overwrites every single file anyway? I wanted to make sure prior to messing things up.
wordpress very easy and very good