Don't Panic! WordPress Is Secure

Posted November 8, 2005 by Dougal Campbell. Filed under Security.

There is news of a worm which uses a vulnerability in the PHPXMLRPC libraries to spread a computer virus. Some articles are pointing to out-of-date information claiming that WordPress 1.5 is vulnerable. That is incorrect. WordPress 1.5 or higher is safe. Since the release of version 1.5, WordPress has used a completely different XML-RPC library, called IXR.

Older WP versions (1.2.x and earlier) are vulnerable, however. If for some reason you are still running a pre-1.5 version of WordPress, you should upgrade immediately to the latest version, WordPress 1.5.2 “Strayhorn”. If upgrading poses a problem for some reason, and if you don’t need pingbacks or blog client API functionality, simply delete the class-xmlrpc.php and class-xmlrpcs.php files from your installation’s wp-includes directory (but you really should upgrade).

Also if you ever come across something you feel might be a security problem in WordPress, please send a note to the special address we’ve set up for security purposes and we will address it as quickly as possible.

Bug Hunt

Posted November 3, 2005 by Matt Mullenweg. Filed under Events.

You are invited to the WordPress Bug Hunt on Saturday, November 5th, 2005!

Whether you’re a die-hard WordPress hacker or just looking to gain some familiarity with WordPress internals, we need your help! Join us in #wordpress-bugs on irc.freenode.net as we triage and eliminate as many bugs as possible. Work with us to confirm bugs, submit and test patches, and generally geek out.

All you need to bring is a text editor, and an installation of WordPress 1.6-ALPHA! We’ll provide the snacks, and manage the schedule.

We’ll start as soon as you arrive, so please be prompt!

See WordPress Bug Hunts on the Codex for additional information. This looks to be a recurring effort, so if you can’t attend this one, stay tuned for future Bug Hunts! We’ll also be working on Sunday, though the main thrust of the event is Saturday.

The Blogging Enterprise Conference

Posted November 1, 2005 by Matt Mullenweg. Filed under Events.

If any of you are in or near Austin, TX this Wednesday you should definitely check out the one-day Blogging Enterprise conference on November 2nd at the University of Texas. It looks like it’s going to be a great program, and I’ll be speaking on “Sorting Out RSS Software, Tools, and Technology” at 11:15 AM. Of course the best reason to go is they use WordPress to power their entire site. I’m looking forward to the conference and spending some time in Texas again.

Update: Shel Isreal blogged the panel and also has been blogging the rest of the conference. 

See Also:

Want to follow the code? There’s a development P2 blog and you can track active development in the Trac timeline that often has 20–30 updates per day.

Want to find an event near you? Check out the WordCamp schedule and find your local Meetup group!

For more WordPress news, check out the WordPress Planet or subscribe to the WP Briefing podcast.


Subscribe to WordPress News

Join 1,931,373 other subscribers


%d bloggers like this: