March 3rd, 2007
WordPress
If you haven’t seen your dashboard, or caught this in an email, it’s imperative that you read up and take action. From Matt on the dev blog:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
This is a serious situation, and one not to be taken lightly. For those new to WordPress, you may want to read over the codex page on how to upgrade.
If you have any questions, you should visit the support forums, or feel free to contact me about the process.
November 16th, 2006
Futurosity is offering up a comprehensive list of ways to back up your WP database. Nothing is more valuable to a blogger than their content, which, for those still new to WP, is stored in your database. So routine backups (based on how often you post) are the single most important preventative maintenance a blogger can do. Your theme and plugin folders only need backing up when new changes are made. Recommended reading for those who haven’t implemented a backup plan.
August 15th, 2006
Skippy reported in the WP forums that a security vulnerability had been found in the database back-up plugin. Subsequently, in the same thread, he posted back with a fix that had been “cooked up” by Ryan. At root, the plugin had a “directory traversal vulnerability”, one that could only be exploited by someone with admin privileges. And no one should be giving admin privileges to someone they don’t trust.
That said, an updated version can be downloaded here.
Kudos to Skippy for bringing this public as soon as he was aware, and kudos to the team for getting a quick fix to a popular plugin that’s bundled with the download.
Though many are capable of doing manual backups, the automatic backup is a handy feature, and one that can easily save some headache and time for those that have multiple blogs, or are just plain lazy like this blogger.
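The bug class named in this post, as an added example that is not the plugin's code or Ryan's fix: a hypothetical helper, `resolve_backup_file()`, that resolves a requested backup file name and rejects anything that would land outside the backup directory. The directory layout and file names are constructed for the demo.

```php
<?php
// Added example: hypothetical helper, not code from the WP database backup plugin.

/**
 * Resolve a requested backup file name to a path inside $backupDir,
 * or return null if the request would escape that directory.
 */
function resolve_backup_file(string $backupDir, string $requested): ?string
{
    // Unsafe pattern for comparison: $backupDir . '/' . $requested
    // lets a name such as "../wp-config.php" leave the backup directory.

    // 1. Accept a bare file name only: no NUL bytes, no path separators.
    if ($requested === ''
        || strpos($requested, "\0") !== false
        || strpos($requested, '\\') !== false
        || $requested !== basename($requested)) {
        return null;
    }

    // 2. Canonicalise both paths (resolves "..", "." and symlinks).
    $base = realpath($backupDir);
    $path = realpath($backupDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }

    // 3. The canonical path must be a regular file directly under the backup directory.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temp "site" directory with a config file next to a backups folder.
$site = sys_get_temp_dir() . '/wp-demo-' . bin2hex(random_bytes(4));
mkdir($site . '/backups', 0700, true);
file_put_contents($site . '/wp-config.php', 'secret');
file_put_contents($site . '/backups/blog_20060815.sql.gz', 'dump');

foreach (['blog_20060815.sql.gz', '../wp-config.php', '..', 'missing.sql'] as $name) {
    $result = resolve_backup_file($site . '/backups', $name);
    printf("%-24s => %s\n", $name, $result === null ? 'rejected' : 'allowed');
}
```

Only the first name is allowed; the other three are rejected because they contain a separator, resolve to the parent directory, or do not exist.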