Upgraded to WordPress 2.8.5

The new WordPress 2.8.5 version was released on October 20, 2009 just to make your sites or blogs as secure as possible. There was really no urgency in upgrading to this new version but I thought of upgrading all the websites and blogs in preparation for WordPress 2.9 which will be released in either late November or early December.

As mentioned at the WordPress Blog, WordPress 2.8.5: Hardening Release, the headline changes in this release are:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

I finished upgrading all the blogs and sites listed below:

Sofie Estolloso Hofmann Designs International
Sofie Hofmann dot com
Weggis along Lake Lucerne Switzerland
Pandan Antique Philippines
Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions
ISYU.INFO Around the World
Patria Diesel Power Plant Issue
Semirara Dumpsite Issue
Tugbong Festival
PAGTATAP Foundation
Philippine Seafarers Assistance Programme
Leocadio Alonsagay Dioso Memorial Public Library

I normally would upgrade all the WordPress Plugins first before upgrading to the latest WordPress release, in this case, to WordPress 2.8.5. In one of my web hosts, I was not able to upgrade the WordPress Stats Plugin automatically because it cannot locate ‘downloads.wordpress.org’ so I just upgraded it manually. I was afraid that I might not be able to use the WordPress Automatic Upgrade but when I did, it went fine.

I also checked the wp-config-sample.php and wp-cron.php files which I was telling you about in this blog entry, WordPress 2.8 to WordPress 2.8.4 wp-config-sample and wp-cron files, no closing tags. Up to now, the two files have no closing tags yet.

I still had a problem with the WordPress Image Gallery Code which I mentioned when I upgraded to WordPress 2.7.1, and again, when I upgraded to WordPress 2.8 Baker (Gallery Code Problem), WordPress 2.8.3 (Image Gallery Problem and Solution), WordPress 2.8.4, and in this new release, WordPress 2.8.5.

I found the solution for the WordPress Gallery Code problem anyway, so I just commented all the four necessary lines at post.php file which can be found under the wp-includes folder. I do not like to do it over and over again, but I have no choice. I might have to reorganize the images or photos one of these days.

I use the WordPress Automatic Upgrade feature in upgrading all the blogs and websites. Everything went fine except for the two problems that I mentioned that I have been having since WordPress 2.7.1. I have no other major problems regarding upgrading from WordPress 2.8.4 to WordPress 2.8.5. Thank goodness!

By the way, every time I upgrade, I test all the sites in my local computer. I have PHP, phpMyAdmin, and WordPress installed in my local computer. I make sure that everything is fine before I upgrade.

One more thing, and it is a very important reminder!

Back up your WordPress database and files first before you upgrade.

Upgrade and Keep your WordPress Secure

Have you upgraded to WordPress 2.8.4? If you did not upgrade yet, then you better upgrade now. It was on September 5, 2009 when it was reported that a worm was discovered making its way around old and unpatched versions of WordPress.

If you have not done anything yet, your WordPress is definitely very vulnerable to this worm. Matt, the co-founder of WordPress, wrote a blog entry on how to keep your WordPress secure and if you have not read it, I suggest that you read it. He explained everything extensively.

Matt wrote that blog entry a long time ago and I am just reminding you all about it in case you have forgotten to upgrade. You do not want your site or blog to get hacked, right? Then do something now. It might not be too late yet.

Aside from the worm, an admin password reset exploit was found at the old versions which I mentioned when I upgraded to WordPress 2.8.4 Security Release. You can read about it at this blog entry, Upgraded to WordPress 2.8.4, Reset Password Vulnerability.

If you do not want to upgrade, then fix your WordPress wp-login.php file. How to fix the wp-login.php file? Read this blog entry, Fix: WordPress Admin Password Reset Exploit, at ProgrammerFish.

On the other hand, I really recommend that you upgrade to the latest version of WordPress even if you can fix the wp-login.php file and even if WordPress 2.8.3 is immune to this worm. If you have an older version than WordPress 2.8.3, you have more reasons to upgrade.

But in case your blog or site got attacked or hacked and then you upgraded without fixing it first, then your site or blog remained hacked. If your blog got attacked or hacked, fix or clean your blog first before you upgrade.

Lorelle wrote a very good article about this issue, things you need to know, how to know if your site has already been attacked, how to prevent your WordPress blog from being attacked, if your WordPress blog has been attacked, and how to respond to a WordPress attack. Read this blog entry, Old WordPress Versions Under Attack, at Lorelle on WordPress.

Reminder though, before you upgrade, back up your files, your WordPress theme, database, and all the other necessary files. Follow the instructions at the WordPress Codex on Upgrading WordPress and Upgrading WordPress Extended.
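A pre-upgrade backup along the lines of this reminder, as an added example that is not part of the original post or of WordPress itself. It assumes `tar`, `mysqldump` and `sha256sum` are installed and that `DB_HOST` in wp-config.php is a plain host name; the function names are illustrative.

```shell
#!/bin/sh
# Added example: back up one WordPress install (files + database) before upgrading.
# Function names and paths are illustrative, not taken from the original post.

# Print the value of a define('NAME', 'value'); line in wp-config.php.
wp_config_value() {   # $1 = path to wp-config.php, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*);.*\$/\1/p" "$1" | head -n 1
}

# Archive the whole install: core, themes, plugins, uploads and wp-config.php.
backup_files() {      # $1 = WordPress directory, $2 = output directory
    tar -czf "$2/files.tar.gz" -C "$1" .
}

# Dump the database named in wp-config.php. Credentials go into a private
# option file so the password never shows up in the process list.
# Assumption: the password contains no double quote or backslash.
backup_database() {   # $1 = path to wp-config.php, $2 = output directory
    cnf=$(mktemp) || return 1
    chmod 600 "$cnf"
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' \
        "$(wp_config_value "$1" DB_USER)" \
        "$(wp_config_value "$1" DB_PASSWORD)" \
        "$(wp_config_value "$1" DB_HOST)" > "$cnf"
    mysqldump --defaults-extra-file="$cnf" --single-transaction \
        "$(wp_config_value "$1" DB_NAME)" > "$2/database.sql"
    status=$?
    rm -f "$cnf"
    return "$status"
}

# Refuse to call it a backup unless the dump is non-empty and the archive
# is readable and contains wp-config.php; then record checksums.
verify_backup() {     # $1 = output directory
    [ -s "$1/database.sql" ] || return 1
    tar -tzf "$1/files.tar.gz" | grep -q 'wp-config\.php$' || return 1
    ( cd "$1" && sha256sum files.tar.gz database.sql > SHA256SUMS )
}

# Run only when called with: <wordpress-dir> <output-dir>
if [ "$#" -eq 2 ]; then
    umask 077   # the archive contains wp-config.php, i.e. database credentials
    mkdir -p "$2" &&
        backup_files "$1" "$2" &&
        backup_database "$1/wp-config.php" "$2" &&
        verify_backup "$2" &&
        echo "Backup verified in $2"
fi
```

Keep the output directory outside the web root, and only start the upgrade after the verification step succeeds.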

It is a good practice to always upgrade your WordPress to the latest release to avoid getting attacked or hacked. Upgrade constantly and keep your WordPress secure.

Upgraded to WordPress 2.8.4, Reset Password Vulnerability

I finished upgrading all the blogs and sites that I maintain yesterday from WordPress 2.8.3 to WordPress 2.8.4, Sofie Estolloso Hofmann Designs International, Sofie Hofmann dot com, Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions, ISYU.INFO Around the World, Patria Diesel Power Plant Issue, Semirara Dumpsite Issue, Pandan Antique Philippines, Tugbong Festival, PAGTATAP Foundation, Philippine Seafarers Assistance Programme, Weggis along Lake Lucerne Switzerland, and Leocadio Alonsagay Dioso Memorial Public Library, all of them in just one day. Imagine I just upgraded to WordPress 2.8.3 from WordPress 2.8 last Monday, August 10, 2009.

But it is again time to upgrade your blog or site to WordPress 2.8.4. The new WordPress 2.8.4 version is a security release. It is highly recommended that you upgrade your blog or site NOW as there is a vulnerability with the previous version of WordPress wherein anybody can reset the admin password.

A URL can be requested which will reset your admin password. I will not give you the idea on how to do it as it will only make your blog or site vulnerable. I tested it myself. It does not allow remote access but it could give you inconvenience.

When someone tries to reset your password, the message will be sent to the email address of the admin, so there should really be no danger. You can get your new password and you can change your password again once you are logged in.

The problem here is, when someone tries to reset the password more than 100 times on your blog or site, then you will probably get confused which password is the right one. You do not want that to happen, right? Then upgrade your blog or site now.

WordPress 2.8 to WordPress 2.8.4 wp-config-sample and wp-cron files, no closing tags

The first thing I did after I downloaded WordPress 2.8.4 was checking the wp-config-sample.php and wp-cron.php files. I saw that the closing tags are still missing. Since the release of WordPress 2.8, these two files have been missing the closing tags but I did not write about it as it is easy to correct it by simply closing the new wp-config.php file which is a copy of wp-config-sample.php file.

I actually have been wondering why wp-config-sample.php and wp-cron.php files have no closing tags? What I know is every file that has an opening tag “<?php” must have a closing tag “?>” as well. So I am not sure why these two particular files were not closed. I guess they were just overlooked and nobody reported it.

Nowadays, since we are normally upgrading our blogs and sites automatically using the WordPress automatic upgrader, wp-config.php is not being deleted nor replaced. So if you upgraded your blog or site from WordPress 2.7 using the WordPress automatic upgrader, then there is no problem as the old wp-config.php file has definitely a closing tag.

Even if you manually upgraded your blog or site, as long as you did not delete nor replace your wp-config.php file, then your wp-config.php file has definitely a closing tag. Normally, you do not delete nor replace the wp-config.php file anyway every time you upgrade.

The problem now is, if you installed WordPress especially WordPress 2.8 or any of its security releases for the first time for your blog or site. If you copied wp-config-sample.php file and created the new wp-config.php file without supplying the closing tag then your wp-config.php has definitely no closing tag.

As to wp-cron.php file, the old file will be replaced by the new file, so the new wp-cron.php file should be corrected manually as this file has definitely no closing tag.

Regarding other files, I did not check the other files, so I do not know if there are more files that do not have closing tags.

Upgraded to WordPress 2.8.3, Image Gallery Problem and Solution

I finally finished upgrading all the blogs and sites that I maintain, Sofie Estolloso Hofmann Designs International, Sofie Hofmann dot com, Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions, ISYU.INFO Around the World, Patria Diesel Power Plant Issue, Semirara Dumpsite Issue, Pandan Antique Philippines, Tugbong Festival, PAGTATAP Foundation, Philippine Seafarers Assistance Programme, and Weggis along Lake Lucerne Switzerland, from WordPress 2.8 to WordPress 2.8.3 Security Release. I skipped upgrading to WordPress 2.8.1 and WordPress 2.8.2 as I was on vacation when those WordPress versions were released.

I also upgraded the Leocadio Alonsagay Dioso Memorial Public Library from WordPress 2.6.5 to WordPress 2.8.3 Security Release skipping all the other versions which were released before WordPress 2.8.3. So far, I did not encounter any problem when I upgraded Dioso Library site despite skipping WordPress 2.7 and WordPress 2.8.

I encountered a problem though with some of the sites concerning the image gallery but was also able to solve it.

What exactly was the problem?

Well, with my other sites, the images did not appear because I have 2 or more subfolders under a subfolder under wp-content folder. This problem occurred without checking “Organize my uploads into month- and year-based folders” as I would like to have yearly subfolders only and without the monthly subfolders. I have uploaded several images in different years like 2008 and 2009, in separate subfolders under a subfolder under wp-content folder.

Example 1:
wp-content/files/2008
wp-content/files/2009

Then, with the other sites, I did not only have different years but made use of the feature where we can just check “Organize my uploads into month- and year-based folders”. Checking “Organize my uploads into month- and year-based folders” would mean the images would be in separate monthly subfolders as it created 2009 for year 2009 and different subfolders for different months, 01 for January, 02 for February, and so on. In this case, the images did not appear too.

Example 2:
wp-content/files/2009/01
wp-content/files/2009/02

As I see it, the problem has something to do with having 2 or more subfolders under wp-content folder or 2 or more subfolders under a subfolder of wp-content folder instead of 1 subfolder only. I have sites where I uploaded the images in 1 subfolder only and I have no problem with them.

Example 1:
wp-content/uploads

Example 2:
wp-content/files/images

What was the solution?

I just commented the particular codes which I already mentioned in my blog entry Solution to WordPress 2.7.1 Gallery Code Problem.

And that was it! Everything went back to normal again.

Upgraded to WordPress 2.8 Baker, Gallery Code Problem

I finally finished upgrading problogit.com, sehdi.com, sofiehofmann.com, weggis.net, pandan.ph, tugbong.pandan.ph, pagtatap.org, psap-parola.org, isyu.info, patria.isyu.info and semirara.isyu.info sites and blogs from WordPress 2.7.1 to WordPress 2.8 Baker. A lot of bugs have been fixed but I guess not everything. There will always be something that will be left behind.

I encountered a problem and that is with regard to the WordPress 2.7.1 gallery code problem which I already encountered when I upgraded the blogs and sites from WordPress 2.7 to WordPress 2.7.1. To resolve the problem, I just followed what I wrote regarding the solution to WordPress 2.7.1 gallery code problem. Other than that, everything went fine. There were definitely a lot of improvements at the newly released WordPress 2.8 Baker. Below is a quick video overview of the improvements at the newly released WordPress version.

https://videopress.com/v/Pu3T4X8l

One remarkable thing that I also noticed was upgrading using the built-in automatic upgrade is now possible with my web hosts here in Switzerland. I had a problem before using the WordPress automatic upgrade which I also mentioned when I upgraded WordPress 2.6.5 to WordPress 2.7 Coltrane because of the safe mode restriction. Although the safe mode is still on, I was able to upgrade the blogs and sites hosted at my web hosts here in Switzerland by just supplying the FTP details.

Upgraded to WordPress 2.8 Baker

I no longer saw those function error notices every time I attempted to use the WordPress automatic upgrade. I do not know if it was corrected on the part of my web hosts or on the part of WordPress. I checked the fixed tickets but I did not find the appropriate discussion about it. Nevertheless, if ever it was on the part of WordPress, thanks again WordPress people!

Fluid Two-Column New WordPress Theme for ISYU.INFO

I finished creating a new theme, a new fluid two-column WordPress theme for ISYU.INFO which went online on May 1, 2009. I actually had no intention to do it last month but ever since I finished the web designs for Semirara Dumpsite Issue and Patria Diesel Power Plant Issue, I just thought that I have to make use of the domain name isyu.info.

And so, ISYU.INFO Around the World was born. ISYU.INFO is a micro-blogging news site, and it could also be your daily news resource around the world. ISYU.INFO is a micro-blog where I write about just a few of the world news and issues that I have read on a daily basis.

I already did a fluid one-column WordPress theme for this micro-blog within just a day but eventually changed my mind and came up with this fluid two-column theme which I was able to finish within 3 days because of so many revisions from the fluid one-column theme.

There is only one layout for this micro-blog, wherein the main content is on the left side and the sidebar is on the right side. The width is not fixed that is why this is a fluid two-column WordPress theme. But just like how I designed the other fluid WordPress themes, the width of this blog may not be fixed but it was also limited to 900px so as not to expand the content if the screen resolution of the browser is bigger than 1440×900.

As usual, this site using a fluid two-column theme was tested at Safari 3, Firefox 2, Firefox 3, Opera 8.5, Opera 9.2, Internet Explorer 6 and Internet Explorer 7 with screen resolutions like 800×600, 1024×768, 1280×1024 and even bigger than 1280×1024.

New WordPress Two-Column Theme for Semirara.isyu.info

The Semirara Dumpsite Issue Website (NO TO SEMIRARA DUMPSITE! – Antique Philippines) was first designed way back in March 07, 2001 to July 01, 2001 after the people’s victory protesting against the proposed semirara dumpsite in Semirara island, Caluya, Antique, Philippines. The site has not been redesigned since early 2001 and was rarely updated when the landfill was not pushed through in Semirara island.

As the site was designed using simple HTML just like the Patria Diesel Power Plant Issue Website, I decided to redesign it using PHP for easy updating purposes. But instead of using simple PHP, I use WordPress as CMS (Content Management System) so the site can be easily and regularly updated. The updates may not be about the issue itself but at least they will be most likely related to the issue concerning garbage problems especially in the Philippines and other topics related to it. The other updates may not be about the issue itself but will still have something to do with Semirara island and its current problems.

The old site used one layout only. The newly redesigned site uses one layout too. The new web design is not exactly the same as the old web design as the sidebar at the old web design was at the right side and the main column for content was at the left side. Other than that, nothing really changed except for the PHP scripting programming language used. The old HTML web design was just converted into a new WordPress theme with fixed width and two columns, but this time, the main column for content is on the right side and the sidebar is on the left side.

Old Web Design of Semirara Dumpsite Issue Website

The site was tested at Safari 3, Firefox 2, Firefox 3, Opera 8.5, Opera 9.2, Internet Explorer 6 and Internet Explorer 7, even tested it with screen resolutions like 800×600, 1024×768, 1280×1024 and even bigger than 1280×1024. Everything looks fine at all the browsers.

New WordPress Two-Column Theme for Patria.isyu.info

The Patria Diesel Power Plant Issue Website (PATRIA! THE UNDISCOVERED PARADISE! NO TO DIESEL POWER PLANT!) was first designed way back in November 22, 2002 to December 22, 2002 at the height of the protest against the proposed diesel power plant in Patria, Pandan, Antique, Philippines. The site has not been redesigned since then and was rarely updated when the issue somehow ended in early 2003.

The site was designed using simple HTML, and so when I decided to redesign it, I use PHP for easy updating. But instead of just using simple PHP, I use WordPress as CMS (Content Management System) with this site. I especially use WordPress so the site can be easily and regularly updated from now on. The updates may not be about the issue itself but at least they will be most likely related to the issue concerning diesel power plants and other topics related to power and energy, and most especially probably about alternative energies.

The old site used one layout only. The newly redesigned site uses one layout too. The web design is actually still the same, nothing really changed except for the scripting programming language. The old HTML web design was just converted into a new WordPress theme with fixed width and two columns, having the main column for content on the right side and the side bar being situated on the left side.

The site was tested at Safari 3, Firefox 2, Firefox 3, Opera 8.5, Opera 9.2, Internet Explorer 6 and Internet Explorer 7, even tested it with screen resolutions like 800×600, 1024×768, 1280×1024 and even bigger than 1280×1024. So far, everything looks fine at all the browsers.

Fluid Three-Column New WordPress Theme for ProBlogit.com

I started writing for another blog at ProBlogit.com. The blog is all about my new problogging venture. I created a new WordPress theme based on this web design site, Sehdi.com, and my personal site, SofieHofmann.com. The WordPress theme is a fluid three-column theme as the sidebar has two columns.

I actually created this fluid three-column theme last year just within a day as the CSS of Sehdi.com and SofieHofmann.com was ready and available. Just a few tweaks and after a few hours, the ProBlogit.com WordPress theme was all ready for online viewing. The blog and the WordPress theme have been online since January 1, 2009 but I did not write anything about it until I started problogging at ProBlogit.com on April 2, 2009.

The site has one layout, the main column for the content is on the left side and the sidebar with two columns is on the right side. As usual, since the WordPress theme is a fluid three-column theme, I have to make sure that it will look good on different browsers.

ProBlogit.com which is about Problogging Venture Tips and Ideas, Reviews and Opinions was tested at Safari 3, Firefox 2, Firefox 3, Opera 8.5, Opera 9.2, Internet Explorer 6 and Internet Explorer 7 with screen resolutions like 800×600, 1024×768, 1280×1024 and even bigger than 1280×1024. Despite its fluidity, as usual, the width was limited so as not to expand the main column for the content if the screen resolution is bigger than 1440×900.