Blog Archives

Older WordPress Versions Are Insecure


I have said this many times before: UPGRADE WORDPRESS WHEN PROMPTED. This one is in the style of “beating you about the head and body and then caning you across the eyeballs”. Why? Because a hack has been discovered that makes your older, more stable, more comfortable WordPress.org install very insecure, and really you may as well make the password Pa55w0rd, because your older version can and will be pwned.

Now that I have your attention… Go to Lorelle’s site, Robert Scoble’s site and the WordPress Dev Blog to see details of this new exploit. If you have version 2.8.4 (like I do), you are more secure. As well as upgrading, remove the default admin account and create a new one (do those two in reverse order: create the new account first), check for phantom admin accounts and make sure you are using a strong password. There are other things to do, but that will keep you going for now.

I regularly get comments such as “if I upgrade it breaks all my plugins”, “my theme doesn’t work if I upgrade now” and so on.  You now get to make a value judgment: if you don’t upgrade you could end up no longer owning your blog vs giving up or changing a few plugins or a theme.  Which of these is the worst case scenario for you?

Upgrade now. You know it makes sense.
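One way to do the "check for phantom admin accounts" step from the list above, as an added example that is not part of the original post. It assumes the standard `wp_` table prefix and that roles are stored as a PHP-serialized array in the `wp_capabilities` usermeta row; the sample rows, the `site_owner` and `wordpress_sys` logins and the SQLite stand-in for MySQL are all constructed for illustration.

```python
import re
import sqlite3

# PHP-serialized role entry stored in the <prefix>capabilities usermeta row.
ADMIN_ROLE = re.compile(r's:13:"administrator";b:1;')

def list_admins(conn, prefix="wp_"):
    """Return (login, registered) for every account holding the administrator role."""
    if not re.fullmatch(r"\w+", prefix):  # prefix is interpolated into table names
        raise ValueError("unexpected table prefix")
    rows = conn.execute(
        f"SELECT u.user_login, u.user_registered, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = ? ORDER BY u.ID",
        (prefix + "capabilities",),
    ).fetchall()
    return [(login, reg) for login, reg, caps in rows if ADMIN_ROLE.search(caps or "")]

def audit_admins(conn, expected, prefix="wp_"):
    """Flag the default 'admin' login and any administrator not in `expected`."""
    findings = []
    for login, registered in list_admins(conn, prefix):
        if login.lower() == "admin":
            findings.append((login, "default admin account still present"))
        elif login not in expected:
            findings.append((login, f"unexpected administrator, registered {registered}"))
    return findings

def build_sample_db():
    """Constructed sample rows; SQLite stands in for the blog's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT)")
    conn.execute("CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT)")
    admin, reader = 'a:1:{s:13:"administrator";b:1;}', 'a:1:{s:10:"subscriber";b:1;}'
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", [
        (1, "admin", "2008-01-05 10:00:00"), (2, "site_owner", "2009-09-07 09:30:00"),
        (3, "reader42", "2009-06-11 18:45:00"), (4, "wordpress_sys", "2009-09-01 03:12:00")])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)", [
        (1, admin), (2, admin), (3, reader), (4, admin)])
    return conn

if __name__ == "__main__":
    for login, reason in audit_admins(build_sample_db(), expected={"site_owner"}):
        print(f"{login}: {reason}")
```

Pass the logins you created yourself as `expected`; anything else that comes back with the administrator role is an account to investigate.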


So You Want to Start an Online Community…


This is going to be a very non-specific post.  A thread I have been posting in over on LinuxQuestions.org has made me think – and you know what happens when I start thinking?  That’s right, I get sleepy.  And then I get writing.  This being the internet and bandwidth and server space being free or low cost, every day someone decides that they will start up the next killer website/forum/mailing list/IRC channel/blog.  This will be the <whatever> to end all <whatevers> and will bring in the clicks by the thousand.  These people get very excited and start to post links wherever they can find a suitable site.  And then what?

<as a fair man, this is only aimed at people who want to do something to bring in the public – starting any of these things as a personal project or somewhere their friends can hang out online means that these words do not apply>
