Tag Archives: 2.3.3

Backporting WordPress Security Fixes

Alex Schleber so dislikes WordPress 2.5 that he’s worked out how to patch version 2.3.3 with 2.5’s security patches instead of upgrading. It’s an approach I would recommend against. For one thing, there’s a good chance that one won’t recognize all of the patches via changelogs, if for no other reason than that sometimes new […]

Serious Security Flaw: Upgrade Immediately

Today a serious security flaw in the current version of WordPress surfaced in the support forums. Basically, a user with login rights but not editing capabilities can edit any post using XML-RPC. A quick fix is to delete the xmlrpc.php file, although you should be aware that this will also keep your site from receiving […]