Glasgow: A latest version of the popular blogging software WordPress has been released. The update addresses several security concerns in the platform that have been accounted by third parties to the WordPress development team.
WordPress 3.6.1 fixes 3 security issues according to the WordPress Codex website. The first addresses a remote code execution that can be activated by unsafe PHP de-serialization. The second may prevent users with an author role from being able to generate a post "written by" another user, and the third fixes inadequate input validations that could result in users being redirected to another website
Besides that, added security hardening was employed by the WordPress team. This consists of updated security restrictions around file updates to lessen cross-site scripting attacks. Writers may note that WordPress does not allow .swf or .exe files by default anymore, and that .htm or .html files are only enabled to be uploaded if the user who uploads the files has permissions to use unfiltered HTML on the site.
When you attempt to upload a blocked file type after the update you will obtain the following error message during the upload process:
“Sorry, this file type is not permitted for security reasons.
A solution to whitelist file extensions so that you can upload them again using WordPress has been posted here.
Note: The article has not been updated since 2007, and that things may have changed since then.
Rather than editing the code manually, you may prefer using a plugin such as Manage Upload Types which you can employ for exactly the same purpose.
WordPress admins must test and then revise their blogs as soon as possible to secure it from possible attacks that aim the susceptibilities patched in version 3.6.1.
It is as constantly recommended to create a backup of the blog first before you run the update script directly from the admin dashboard, or update the blog manually via ftp or other means of connection.
While it is unlikely that you will notice any side-effects or issues, it is always better to be safe than sorry.
WordPress 3.6.1 is a security update for self-hosted WordPress blogs that fixes three vulnerabilities and sets the security of the blog further. The core issue that writers may run into later is that some file extension that they were able to upload previously is not enabled to be uploaded anymore. But that can be resolved easily by the admin of the site.
Read more: WordPress Web Development Glasgow