
WordPress Version 2.0.3 Review
WordPress, the premier free open-source blogging utility, has gone through several upgrades in its life. Today it’s one of the most popular blogging tools on the Internet; it’s easy to use, powerful, and very versatile. It also has a very active base of skilled users who are eager to improve the product and to help out those who haven’t tried it before.
Though the Strayhorn 1.5 version is the favorite for many, it is not as stable or as secure as the newest version 2.0.3. The best part of the new version is the security patch; the new “nonce” security key reduces the chances of a malicious hacker finding a way into your admin panel. Besides the security patch, though, several minor bugs have been squashed with this version. Though a major upgrade to 2.1 is due out soon, the 2.0.3 is something you should definitely download and install if only because of the security fixes, which were actually backported from the major upgrade files.
In addition to the 2.0.3 install, you should be aware that some bugs have already been found, and that a plugin will need to be installed to repair those bugs. If you modify any of the files that this patch plugin fixes, you’ll need to either merge the changes with the new files or make those changes manually once again. You can find these issues by running a diff to locate changes; if the only changes you find are your own, then you’re fine, and otherwise you’ll need to merge them manually into the new files.
The short list of what WordPress 2.0.3 fixes includes:
• Small performance enhancements
• Movable Type / Typepad importer fix
• Enclosure (podcasting) fix
• The aforementioned security enhancements (nonces)
One mostly annoying bug shipped with 2.0.3 as well. It gives you an “Are You Sure?” dialog when you edit comments, and adds a backslash before each quotation mark in the post you’re editing. Make certain to download the patch.
What’s Up With The Security Problem?
The security problem seems minor, but the WordPress team is fixing it before it grows into something major. It’s a bug that takes advantage of the cookie you download when you sign into WordPress. The cookie in question prevents anyone unauthorized from accessing your admin panel. It’s tied to your user account, and verifies that you are the authorized administrator of the account you’re working on.
The bug that’s being fixed takes advantage of a social-engineering trick. If someone created a link or a form pointing to your WordPress admin account, they might be able to trick you into clicking the link. In the case described here, clicking it would delete a post. This sounds both minor and highly unlikely, but a small crack in the door can be exploited later by a dedicated hacker. And this is also the kind of bug that, a few years ago, allowed a hacker access to the Microsoft databases, from which he stole portions of the Longhorn and other codes. So yes, you do need to take it seriously.
WordPress had protected you from this kind of attack by checking HTTP_REFERER, the referrer information your browser sends with each request. But this check has some issues. For instance, with JavaScript in Internet Explorer, it can be spoofed. In addition, certain firewalls and proxies can strip the information it’s supposed to carry, causing some people to be unable to use their WordPress admin accounts the way they’re supposed to.
Now, instead of HTTP_REFERER, a nonce is used; this is a number used once. It’s like a password that changes every twelve hours, and is valid for twenty-four hours. The nonce is unique to the specific WordPress install being used, the WordPress user logged in, the action, the object of the action, and the 24-hour time of the action. When any of these is changed, the nonce is no longer valid. All plugin authors will have to ensure the nonce is added to their forms and other interactive capabilities that may be affected.
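The binding described above, sketched as an added example (not WordPress's own code, and not from the original article): the token is an HMAC over the user, the action, the object and a 12-hour time slot, keyed with a per-install secret. The function names, the HMAC-SHA256 construction and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

TICK_SECONDS = 12 * 60 * 60  # the nonce value rolls over every twelve hours


def _mac(install_secret, tick, user_id, action, object_id):
    # JSON-encode the fields so ("edit", 12) can never collide with ("edit1", 2).
    msg = json.dumps([tick, user_id, action, object_id]).encode("utf-8")
    return hmac.new(install_secret, msg, hashlib.sha256).hexdigest()[:20]


def make_nonce(install_secret, user_id, action, object_id, now=None):
    """Token bound to install, user, action, object and the current 12-hour slot."""
    now = time.time() if now is None else now
    return _mac(install_secret, int(now // TICK_SECONDS), user_id, action, object_id)


def verify_nonce(nonce, install_secret, user_id, action, object_id, now=None):
    """Accept the current and the previous slot, so a token lives at most 24 hours."""
    now = time.time() if now is None else now
    tick = int(now // TICK_SECONDS)
    for candidate in (tick, tick - 1):
        expected = _mac(install_secret, candidate, user_id, action, object_id)
        # Constant-time comparison; bytes so a non-ASCII nonce cannot raise.
        if hmac.compare_digest(expected.encode(), str(nonce).encode("utf-8")):
            return True
    return False


if __name__ == "__main__":
    secret = b"constructed-per-install-secret"  # constructed sample value
    issued = 100 * TICK_SECONDS + 60            # constructed timestamp
    token = make_nonce(secret, 1, "delete-post", 42, now=issued)
    hour = 3600
    # Same user, action and object, 13 hours later: still accepted.
    print(verify_nonce(token, secret, 1, "delete-post", 42, now=issued + 13 * hour))
    # A different post id: rejected, the token does not transfer between objects.
    print(verify_nonce(token, secret, 1, "delete-post", 43, now=issued))
    # 24 hours later: rejected, both accepted slots have passed.
    print(verify_nonce(token, secret, 1, "delete-post", 42, now=issued + 24 * hour))
```

A forged link or form from another site cannot carry a valid token, because its author does not know the per-install secret.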
Upgrading from WordPress 2.0.2 to 2.0.3
As with any upgrade, the first thing you should do is back up everything: the files in your WordPress directory, the database plugin with any changes, and any data you have added. In addition, it might be a good idea to do a second backup of your entire WordPress directory just in case something goes wrong with your install.
Now remove the wp-admin directory entirely. Also remove the wp-includes directory, except for any translation and language files or directories you may have added; add these files to the backup files you created earlier. Finally, remove all the files in the directory where WordPress is installed, with the exception of the file wp-config.php.
Now you’re ready to start your install. Download and unpack the 2.0.3 version in a separate install directory. You want to make sure you can control files and directories you copy over. Now install the new wp-admin and wp-includes directories.
Install the rest of the files of the top directory, with the exception of the wp-config-sample.php file.
Now enter the admin panel. You should see the following message: “Your database is out of date. Please upgrade.” Follow the link provided to update the database, and follow the directions there. Now remove the files wp-admin/upgrade.php and wp-admin/install.php. Download the plugin fix; add it and activate it. Replace your backup files where they need to be, and do the comparisons if you’ve modified any of your earlier files. This should take care of the whole thing.
For geeks, there is also an upgrade package that only includes the changed files. Look for it under Changes Diff (2.0.2 > 2.0.3). It consists of a zip file that is much quicker to install, but you should be certain you can handle it before using it.