WordPress Version 2.8.3 Security Release

August 3rd, 2009
WordPress, WordPress Security

Weren’t we just talking about upgrading to the latest and greatest version of WordPress just yesterday? 

Well today Ryan Boren has just posted at the blog about the release of the WordPress 2.8.3 Security Release.  As he mentions in the posting this fix is related to the privilege escalation issues in version 2.8.1.

What he says next is the real reason why WordPress is so popular and well supported:

Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.

Ryan is right – it is the community that looks after each other.  Where else would you have such a diverse and talented group who points out any issues instead of just taking them public even though it would draw a lot of attention and maybe fame for themselves?  How easy might it have been for someone to just point out those additional areas/issues for someone to exploit and get all the traffic? 

Well, it could have been very easy – just send that info to the web instead of into the hands of the developers of WordPress.

This site is another great example of the community around WordPress and the help everyone provides each other to make their understanding of WordPress even better and to share their experience.  I think there are many places that could look at what happens in the WordPress Community and see the positive impact an open environment can do for things.

Thanks to all of you here at WLTC and your willingness to be frank with us on each and every post and to assist each other in the comments and forums. You all definitely rock!

So the next question is – how do we make it even better?




  1. Harsh Agrawal (12 comments.) says:

    Just saw the update, hope this version if bug less unlike other previous one…

  2. Hoodgrown Online says:

    Am I the only one having problems updating my sites using the automatic update. Across three of my sites.. it didn’t work at all.

    Now that I’ve been spoiled, upgrading the old fashioned way is going to be a pain in the ass.

    • WindowsObserver (55 comments.) says:

      I was able to upgrade all of my sites with the automatic update although it hiccuped on me twice before it finally went through and updated. I attribute that to the net or a transient issue though not the update.

  3. Martin (20 comments.) says:

    Pain in the butt updating but in the long run it’s worth it to keep my sites running nice and secure. Well done to the WordPress community for finding these exploit!

  4. Bob Morris (2 comments.) says:

    WordPress needs to end the endless bug fix updates and spend considerably more time testing, then release one or two solidly tested versions each year. That’s how professionals do it. That’s what the industry standard is.

    I love WordPress, but the endless chain of mini-fix updates is Amateur Hour. Give it some thought guys, then do it right. Like Drupal does, for example.

    I can’t think of any other software vendor, open source or not, that has as many updates as WordPress does.

    • Milan Petrovic (31 comments.) says:

      Well, you are wrong on this. Biggest software vendor in the world, Microsoft, release fixes for their products each week. Same goes for any of the Linux distributions. It’s simply how the things work. No matter how much you try, testing any complicated piece of software is best done when the software is released to the public. For WordPress you have maybe 10 developers working on the core, and even if they have 100 or 1000 testers, that’s nothing compared to millions of users that will do much better job in finding bugs.

      If any company doesn’t release more than one or two versions a year of a system complicated like WordPress, it’s not because they tested and found all bugs, it’s because they don’t care much about their users. Their software still has many bugs.

      The way WordPress works is much better. Find the bugs, fix them, release new version. I wish that more products are maintained like this.

    • Otto (215 comments.) says:

      On the contrary, the general maxim in the open source world is “release early, release often”.

      IMO, WordPress updates don’t happen often enough. I have to upgrade to nightly builds every once in a while to get that feature or bugfix I’m looking for.

  5. Nostro Sito (1 comments.) says:

    Good job!

  6. Jan Hinnerfeldt (3 comments.) says:

    Am I correct in assuming that “autmatic upgrade” from my version 2.7 does not work correctly?
    Anyone who know the reason?
    Can I then upgrade by downloading the version 2.8.3

    • Ali Hussain (12 comments.) says:

      The reason is i think that version2.8.3 is update of some files only and not the core update.

      • Jan Hinnerfeldt (3 comments.) says:

        But after the “automatic” update, that apparantly do not return a
        completion message, it still says version 2.7

        • Jan Hinnerfeldt (3 comments.) says:

          When I deactivated all my plugins and changes to the default theme, everything went OK. I’am now on 2.8.3 with one of my sites. Now to the next ones.

  7. FestivalPlanet (1 comments.) says:

    My site updates seamlessly and without fail. I agree with Milan many companies release updates frequently, i think its better to release patches as soon as holes are discovered rather than holding on to them and releasing less frequently.

    Also before people complain, this stuff is free, i am blown away by what you can do on your sites with plugins and themes and all for nout!
    Good job WordPress!

  8. Ali Hussain (12 comments.) says:

    Updated. Too many security releases this year

  9. ket (1 comments.) says:

    I agree the 2.8 version comes with bugs. I downgraded it to version 2.7 already. In my opinion, the 2.3 version is the best.

  10. Denzel Chia (7 comments.) says:

    I think users of wordpress should be thankful of core developers working around the clock for bug fixes, so that intermediate programmers like me is able to setup a site without worry that it may get hack easily.

    Anyway, you just need to backup your database and click on upgrade button and wait….. its done! Easier that getting a burger from Mac, Why Complain?

  11. Jaypee (20 comments.) says:

    Had issues with the auto upgrade feature even for plugins when I upgraded from 2.7+ to 2.8.2. Now that I’ve upgraded to version 2.8.3, I no longer have issues upgrading my plugins via the WP Dashboard.

  12. George Serradinho (107 comments.) says:

    I upgraded with no problems. I know of only another one person who had problems. Funny, but strange.

  13. George says:

    The most hypocritical post in the history of internet. You talk about not keeping the traffic for oneself, yet you keep comments from people but remove links. You do exactly that – keep traffic for yourself. Selfish hypocrite.

    • Mark Ghosh (386 comments.) says:

      Not sure how you came to this conclusion, but your comment makes me think you are a troll and a spammer. Do you comment on a post to just advertise your links?

      Why would a blog owner keep a comment that is written for the sole purpose of link juice or link advertising? Do you see the comments above and on almost every post of this blog? Do you see the links on the commenters’ names?

      Your insinuation is that we have removed links from “people”. Who are these people? Were their comments relevant to the post or were they written just so that a link could be placed on the page?

  14. MGN (1 comments.) says:

    I updated all of my sites. Automatic updates worked. To be honest, one of my website is hosted on a dedicated server. I don’t know how to update when the automatic update function doesn’t work. Thank god it worked. Although I must agree updating frequently is not very fun. But it’s better to be safe than sorry.

  15. Ulysses (15 comments.) says:

    I gave up on the WordPress automatic update feature. It didn’t work for me. I now use a shell script and Subversion to upgrade all five WordPress installations. It takes less than a minute to do. The only thing it requires Subversion and shell access, fortunately, both features my host supports.

    • Sillydanemedia says:

      IS that script free? I had a bunch of sites break on me when I updated them with the auto upgrade :(

  16. BlaKKJaKK (10 comments.) says:

    A security update is now big deal to do whether manual or auto. I say patch and patch often. Waiting to address a security issue would make now sense.

    As for holding on to older version of WP, no thank you. I like my ride shinny and new.

    What might be a good idea for 3.0 is to do what Jeffro from WordPressTavern suggested, hire a security consultant to do a complete security review like BBPress did after its problems. It would build confidence particularly if it were done before something similar were to happen to WP.

  17. Kim says:

    Hi peeps,

    I wonder if someone encountered the following when upgrading his WP to 2.8.3. I’ve been experiencing a bug in the WP backend, which de-styles my admin menu on the left.

    Check the screenshot for any details:

    I’d be glad if someone has any remarks…


  18. Iamvoldemort says:

    I rolled that out on 30 WP websites yesterday morning, they ALL broke, what a nightmare they all gave me a 404 after applying the security release :(

  19. Danny says:

    Can someone please confirm whether or not this security vulnerability apples only to WordPress 2.8x sites. In other words do users running 2.7.1need to worry about this?

    In addition, am I correct in thinking that if taking the suggested security step of renaming your default admin username in the db would pretty much mitigate this exploit?

  20. Neels Hattingh (1 comments.) says:

    WordPress is the best, but I found after upgrading to the latest security release, that a static page that i use as the front page, was replaced by the blog posts. Even though I have made the necessary setting. I have uploaded the template again and did everything from fresh, but no luck. And strangely it’s only on the one template, I assume the best would be to uninstall wordpress and install it again. Any ideas? Next time I’ll test the upgrade on another wordpress installation.


  1. […] que se dice por ahí, acerca de esta actualización de seguridad: Carrero, Weblog Tools Collection, Ayuda WordPress, […]

Obviously Powered by WordPress. © 2003-2013

page counter