Comments on: Wordpress 2.3.3 Security Retro-Fit

By: Seo

Seo — Thu, 01 Jul 2010 16:12:02 +0000

Excellent advice. I know how important it is to comment on other blogs. This article made me realize how much more important it really is! I’ve been doing forum comment but only see minimal traffic with that technique. I think blog comment is a much better approach. I start to give it a try. Crossing my figers for better results shopping guide!

By: Foreign exchange

Foreign exchange — Thu, 01 Oct 2009 06:31:02 +0000

I read your blog & it has really awesome information.These days there is slam in business & many famous companies are also going to down. However it is good blog have impressive information

By: Fit Business Trip. | 7Wins.eu

Fit Business Trip. | 7Wins.eu — Fri, 14 Aug 2009 15:14:53 +0000

[...] small-business-reviews.co.uk » Blog Archive » Making Your Travel Insurance Fit Your NeedsWordpress 2.3.3 Security Retro-Fit | Business Mind Hacks [...]

By: Is your Wordpress blog hacked? Why not upgrade to the latest version? | MyTestBox.com - web software reviews

Thu, 03 Jul 2008 09:29:59 +0000

[...] Wordpress 2.3.3 Security Retro-Fit [...]

By: Alex

Alex — Wed, 07 May 2008 21:26:01 +0000

In reply to @Andy:
Andy, that is certainly good advice regardless of any other measures, and often overlooked by too many people.

By: Andy

Andy — Wed, 07 May 2008 18:28:35 +0000

For me the top security fix is just to keep lots of backups though there are also additional admin plugins for locking WP to specific IP ranges etc.

By: Alex

Alex — Wed, 07 May 2008 06:53:54 +0000

In reply to @Pressed Words:
I also responded to this ping-back on Austin's Blog, but I felt this would warrant further explanation here as well. The post was already getting long, so I didn't want to go on an on about all of the reasons from 5 angles. So here is more in the form of a reprint of my comment on his blog:

Austin, first off, thanks for picking this up so quickly.

Now I want to make it clear that you overstate my "antipathy" toward Wordpress 2.5, despite its admitted flaws and real bugs that seemed egregious enough to warrant everyone being a little weary of upgrading too quickly. After all I do use Wordpress over other solutions, and have come to really like it for the degree to which I can dig around in the "guts" of the code, vast availability of plugins, etc.

This is why the main gist of my argument is really to separate out security and other critical FIXES from new feature introductions. It's the sane thing to do, and would be a lot more palatable to/respectful of the users that have to deal with the fall-out from upgrades. Some have to maintain dozens of Wordpress installs for clients, all with possibly different plugins, etc. I have stated all of this on the support forum.

They way it is handled now is actually worse than Microsoft, even they know they can't just completely force you into Vista [to fix XP security flaws] from one month to the next, even though they sure want to and are always trying... :)

Check around, there are a lot of influential bloggers with a deep tech knowledge (such as Andy Beard), that won't go near 2.5 for a while. I just thought that there should still be security improvements rolled out as patches to those who don't want to upgrade right now.

Agreed that it would be much preferable for WP to come out with a certified patch "package" themselves, my attempt (which so far appears successful) is by no means the ideal state of affairs, and you may have read my big fat DISCLAIMER at the end.

I welcome the discussion and any testing/improvements that anyone is able to contribute. If it hadn't appeared from the WP tickets on security fixes in 2.5/2.5.1 that the password/cookies issue was a very isolated element that didn't seem to have any other implications, I likely wouldn't have attempted it. Agreed that there could have easily been more issues popping up through the file replacements, but so far I haven't seen any.

As you said, stay tuned for my post on the detailed feature reviews and issues that were left unresolved that I have actually hacked/fixed myself in my own personal WP "distribution". Then it will likely make even more sense why I am not upgrading for now...

By: Backporting WordPress Security Fixes · Pressed Words

Backporting WordPress Security Fixes · Pressed Words — Wed, 07 May 2008 03:14:33 +0000

[...] Schleber so dislikes WordPress 2.5 that he’s worked out how to patch version 2.3.3 with 2.5’s security patches instead of upgrading. It’s an approach I would recommend against. For one thing, [...]