WordPress 2.8.5 has officially been tagged and is now available for download. If you don’t see the upgrade nags in your administration panel already, give it a few hours and upgrade when it becomes available. This release has been dubbed a security hardening release meaning, more preventive measures have been taken to secure WordPress. Worthy of note though is an issue that was addressed dealing with a trackback spam denial of service attack which was discussed on the WP-Hackers mailing list the other day. This exploit takes advantage of the WP-Trackback.php file which would exhaust a servers resources when used. This has specifically been addressed in 2.8.5. Thanks goes out to Steve Fortuna for releasing a fix to this 0 day exploit. The release also contains a few bug fixes as well.
You can trigger an update check by visiting Tools -> Upgrade.
So by default, it’s run by a cron job but every time someone visits the upgrade page manually it triggers the cron job to run?
Thanks for the note Jeff…looks like I better get with the program and update!
No problem. 2.8.5 snuck up on me.
Thanks, I just update my WP to 2.8.5
Changelog: http://core.trac.wordpress.org.....anches/2.8
Modified Files: http://core.trac.wordpress.org.....ches%2F2.8
Great news!
Any move to prevent RFI and LFI attacks?
It’s quite a pain to regularly find the header and footer files being crammed with spammy links.
Thanks
Many plugins are “compatible up to 2.8.4” – should we expect they all work with WP 2.8.5 as well?
Thanks
I was wondering the same thing as well. Nevertheless, glad to hear there’s an update focusing on security.
Not quite sure what they changed in this new version.
I think upgrading to 2.8.5 is not necessary.
You’re kidding right?
I don’t understand why they released the new version so quickly after the last update 2 months ago.
I don’t see any changing in this new version. It’s not really necessary to upgrade.
You don’t think that the security hardening is worth the upgrade? That’s just crazy to me. I take my blogs seriously & would take no chance at getting hacked.
It might help if you read the article before commenting – it explains what the upgrade does and why it might be a good idea to use it. Still, your choice. I hope you avoid any nasty DoS attacks.
Why am I getting this error?
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 2354671 bytes) in /home/grinbear/public_html/catahoula/wp01/wp-includes/http.php on line 1327
Add this line to your wp-config.php
define(‘WP_MEMORY_LIMIT’, ’64M’);
Thanks, worked like a champ.
Hi there gestroud, i don’t know if you can help me but im gonna try and ask…
i get this error, i tried adding the above line but didnt fix the issue.
the error i get is this:
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 7680 bytes) in /home2/______/public_html/______/wp-includes/class-simplepie.php on line 13014
can you give me any idea on how to fix this one?
already searched google :S didn’t find nothing helpful!
hi there gestroud, i got an error too
I tried what you suggested above but didn’t fixed it :S
Any idea?
this is the error i get:
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 7680 bytes) in /home2/eklipsi/public_html/test/wp-includes/class-simplepie.php on line 13014
thanks,
denis
@denis,
Were you able to get the problem fixed?
nope i still get that error….
maybe the problem is @ my host (maybe it does not allow me to increase the PHP memory limit)
can that be the problem?
The issue is that in his code the apostrophes got messed up. Please replace his ’ with ‘ and it will work perfectly!
Hmm… the apostrophe got messed up again, just open the wp-config file in notepad, and paste what he had in there, and then replace the “Word-style” apostrophes with regular apostrophes using your keyboard. The regular apostrophe should be a straight up and down line, no curve to it like the ones in this example.
Where do I find the wp-config.php file? I’ve looked in the theme editor and also used FireFtp to exam the files on the server but I am clueless.
On the root of your site (or in a sub folder if you have placed your WP installation there).
Download it via ftp – and make a copy before you upload an edited version – just in case something goes wrong.
(And: Don’t use Word to edit it, use some non-destructive text editor – like TextWrangler for Mac. Sorry I don’t know the name for a Windows program)
Kj
Everything went smooth by upgrading via Dashboard.
Yep, same here… quick and easy update. The only thing I needed to “address or fix” was the ‘pluggable.php’ file in the ‘wp-includes’ folder so emails from my blog have my blog name not the default “WordPress.”
Line 352 changed $from_name = ‘WordPress’; to $from_name = ‘My Blog Name’;
You may want to try this plugin. It works fine in WP 2.8.5
http://wordpress.org/extend/plugins/wp-mailfrom/
I just upgraded and I can’t post anything.. keeps timing me out.. I did a database repair and default config.. what’s the deal?
Seems like a fairly minor release but worth updating anyway.
Saw this update Yesterday and the first thing which I did
was Backup my Db and updated the wordpress. Though wordpress are releasing very quick update.. 😐
is it really need to update new version every time, because what happens, after updating, we do loose some wizards or addons that are not supported by new version and so i ewww to change them every time and modify them
Schedule post Problem is same In New verson ! it’s surprize . I am much upsate from that.