DSA Media News and Information

WordPress Plugin Upgrades

Further to our posts on keeping the WordPress core files updated, please note that this also includes plugin files. Plugins from the WordPress repository are not moderated, so you need to decide which ones you trust in order to keep your website secure.

We have recently found a number of sites under attack from spammers who were exploiting the Contact Form 7 plugin. From our investigations we could easily see the version of the plugin in use, as it inserts it as a hidden form field. This means it’s easy for any spammer to determine whether the plugin is up to date and whether it can be exploited. One such exploit resulted in 40,000 emails being sent via our server and over 9000 bounced emails being received back, which eventually crashed the server.

We appreciate that scripts and plugins are required to help a website’s functionality, and that exploit attempts will always be made and can happen on up-to-date versions of these scripts. However, if there are steps that reduce the likelihood of this happening, such as upgrading a plugin or looking into a more secure method, then we request that you take them. This is not a recommendation; this is a requirement.

As per our Hosting Terms & Conditions:

4a. Clients are solely responsible for ensuring that all scripts installed by them (including any available within your account control panel) are patched and kept up to date.
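
The hidden version field described above can be checked from the hosting side. The following is an added example, not code from DSA Media or from the plugin: it scans saved page HTML for the field and flags versions below a required minimum. The field name `_wpcf7_version`, the sample pages and the minimum version `2.0.0` are assumptions or constructed values that do not come from the post.

```python
from html.parser import HTMLParser

# Assumption: the plugin's hidden version input uses this name (the post does not name it).
CF7_VERSION_FIELD = "_wpcf7_version"


class HiddenVersionFinder(HTMLParser):
    """Collects the value of every hidden Contact Form 7 version input."""
    def __init__(self):
        super().__init__()
        self.versions = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if (tag == "input" and a.get("type", "").lower() == "hidden"
                and a.get("name") == CF7_VERSION_FIELD):
            self.versions.append(a.get("value", "").strip())


def parse_version(text):
    """Turn '2.4.5' into (2, 4, 5); return None unless it is dotted ASCII digits."""
    parts = text.split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit_page(html, minimum):
    """Return (raw_version, status) pairs: 'ok', 'outdated' or 'unparsed'."""
    finder = HiddenVersionFinder()
    finder.feed(html)
    floor = parse_version(minimum)
    results = []
    for raw in finder.versions:
        found = parse_version(raw)
        if found is None:
            results.append((raw, "unparsed"))
            continue
        # Pad with zeros so that 2.0 and 2.0.0 compare as equal.
        width = max(len(found), len(floor))
        pad = lambda t: t + (0,) * (width - len(t))
        results.append((raw, "ok" if pad(found) >= pad(floor) else "outdated"))
    return results


# Constructed sample pages and a placeholder minimum version (not from the post).
SAMPLE_OLD = '<form><input type="hidden" name="_wpcf7_version" value="1.9.3" /></form>'
SAMPLE_NEW = '<form><input type="HIDDEN" name="_wpcf7_version" value="2.0"></form>'
MINIMUM = "2.0.0"
print(audit_page(SAMPLE_OLD, MINIMUM), audit_page(SAMPLE_NEW, MINIMUM))
```
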

WordPress 3.2 Released

WordPress.org have announced the release of WordPress 3.2. Whilst this is not a security upgrade, it will fix a number of bugs and bring a quicker platform with it along with a fresh and less cluttered admin interface. We’ve been using the beta version of WordPress 3.2 for a few weeks now and can definitely say it’s an improvement.

As with all WordPress upgrades, we strongly recommend that you upgrade your site as soon as possible.

If you are unsure how to upgrade your site, wish to take out a yearly WordPress maintenance package with us to manage the upgrades, or are having problems upgrading, please feel free to contact us.

Ongoing WordPress Updates

There have been a number of WordPress updates since our last update notice (nb. it’s not our intention to announce every release), notably including version 3.1, which was a major/milestone release. Each of these releases has included security and bug fixes, and so it has been essential for users to keep up to date. Today’s release of version 3.1.2 is no different: it contains fixes for a handful of bugs and fixes a vulnerability that allows lower-level users greater control than they should have.

As with all other releases, users hosting their WordPress sites on our server should update as soon as possible, as advised by our operating terms.

WordPress 3.0.4 – Critical Security Update

On December 29 Automattic issued a critical update to WordPress that fixes a core security bug. The software publishers rate this fix as critical and advise all users to update to this version as soon as possible.

As per our terms and conditions, DSA Media require all WordPress installations hosted on our servers to be updated to this version. To reflect the critical status of the update, this must be done within 7 days of the release (updates should be completed by midnight 05 January, 2011 without exception).

WordPress 3.0.3 – Security Update

Hot on the heels of the 3.0.2 release, Automattic have released another WordPress security update. On December 08, WordPress 3.0.3 was released to fix issues in the remote publishing interface. It’s advised that all users who run multi-author installations update to this version as soon as possible.