Wow, I got a scary message when I logged in to the dashboard of one of my blogs tonight to say that the upgrade to WordPress 2.1.1 that I downloaded a couple of days ago had been compromised – before it left the download site -  because the WordPress download server had been [tag]hacked[/tag] into!  Yikes! [...]

Oh he of little faith! It’s nice to know he trusts my skills!

The WordPress team have released an updated version of the WordPress blog platform.  WordPress 2.0.3 includes the following updates: Small performance enhancements Movable Type / Typepad importer fix Enclosure (podcasting) fix The aforementioned security enhancements (nonces) Upgrading should be a pain-free process of overwriting files and running a database upgrade when accessing the admin panel.

Secunia is reporting that a vulnerability is present in [tag]WordPress [/tag]2.x which could allow hackers to gain remote access. This vulnerability has been confirmed in WordPress 2.0.2 and may affect other versions (but not pre-2.0 versions since this doesn’t use cache files). The current recommendation is that access is restricted to the following directories: wp-content/cache/userlogins/ [...]