WordPress 3.1.3 Brings Security Updates

WordPress 3.1.3 Brings Security Updates

WordPress 3.1.3 Brings Security Updates

WordPress version 3.1.3 has been released to the public as of May 25, 2011.

This is an important security update and it helps protect your WordPress blog. This release includes security fixes and enhancements, including the new feature “clickjacking” protection.

We recommend you upgrade to WordPress version 3.1.3 ASAP.

WordPress version 3.1.3 includes the following security fixes and enhancements:

  • Various security hardening by Alexander Concha.
  • Taxonomy query hardening by John Lamansky.
  • Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
  • Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
  • Improves file upload security on hosts with dangerous security settings.
  • Cleans up old WordPress import files if the import does not finish.
  • Introduce “clickjacking” protection in modern browsers on admin and login pages.

I found a great article by Lucian Constantin explaining these new security fixes and explainations. He goes into great detail on the new “clickjacking” protection feature and more. Be sure to check it out here.

Files Revised in WordPress 3.1.3:

  • readme.html
  • wp-admin/admin-ajax.php
  • wp-admin/custom-background.php
  • wp-admin/custom-header.php
  • wp-admin/includes/class-wp-plugins-list-table.php
  • wp-admin/includes/import.php
  • wp-admin/includes/media.php
  • wp-admin/includes/post.php
  • wp-admin/includes/template.php
  • wp-admin/includes/update-core.php
  • wp-admin/ms-delete-site.php
  • wp-admin/plugins.php
  • wp-admin/press-this.php
  • wp-app.php
  • wp-includes/canonical.php
  • wp-includes/class-oembed.php
  • wp-includes/default-filters.php
  • wp-includes/formatting.php
  • wp-includes/functions.php
  • wp-includes/meta.php
  • wp-includes/post.php
  • wp-includes/query.php
  • wp-includes/taxonomy.php
  • wp-includes/theme.php
  • wp-includes/version.php
  • wp-login.php

In other news, the WordPress developers report that they are on schedule for WordPress 3.2. They have just released WordPress 3.2 Beta 2 for testing purposes. It is not recommended that you use it on production sites.

Important!

As we get ready for the new release of WordPress 3.2, it’s a good time to make sure that your site is currently running on a minimum of PHP 5.2 and MySQL 5.0.15 or higher. Once WordPress 3.2 is released, PHP 4 and MySQL 4 will not be supportedby WordPress. And you will not be able to upgrade to the newest version. Not sure if your website meets these requirements? You can check easily by installing the Health Check plugin. More information here.

WordPress & Security Resources:

Important!

If you’re self-hosting WordPress on your own domain, you need to protect it by upgrading to WordPress 3.1.3 as soon as possible.

Leave your feedback

Have you upgraded to WordPress 3.1.3? Did you upgrade WordPress automatically through the Dashboard or manually? Do you have any WordPress plugin issues with WP version 3.1.3? If you noticed any glitches in the upgrade or conflicts with any plugins be sure to let us know. Leave your comment below.

 


About the Author

Chad

Freelance web developer and designer residing in Pittsburgh, PA I enjoy creating custom applications and websites to solve real-world problems. When I am not coding away I enjoy trying new craft beers from around the world.

Leave a Reply

New Blog Post: MySQL Using the JOIN Operand Within a Query - http://goo.gl/KHUij