WordPress 2.3.3 Security Release

WordPress version 2.3.3 has been released. This release, like the previous one, addresses an urgent security vulnerability that was found in the WordPress XML-RPC implementation. The flaw could allow any valid user on your blog to edit posts made by other users on your blog.

WordPress 2.3.3 also fixes some other minor bugs. If you don’t care about those minor bug fixes and just want to patch your blog against the XML-RPC vulnerability, you can download a fixed copy of xmlrpc.php and copy it to your WordPress installation directory, replacing the existing xmlrpc.php file.

You’re probably better off just downloading WordPress 2.3.3 and doing the full upgrade.

WordPress 2.3.2 Urgent Security Release

The WordPress folks have released WordPress 2.3.2, describing it as an urgent security release. This latest version fixes a bug that can be exploited to display your draft posts. Some changes have also been made to prevent certain error messages from giving away more information about your database than they need to. I would strongly advise that WordPress users install 2.3.2 ASAP.

WordPress 2.3.2 includes a new feature to allow you to customize the error page that’s displayed when WordPress can’t connect to your database. You can see the full list of changes between 2.3.1 and 2.3.2, you can also see which bugs are fixed in WordPress 2.3.2.

Head over to the 2.3.2 announcement post on the Dev Blog for the full story on WordPress 2.3.2. If you don’t care about any of that, you can just head straight to the download.

OpenDNS Introduces Shortcuts

David Ulevitch, founder and CEO of OpenDNS, sent me an email yesterday letting me know about a new feature from OpenDNS. It’s called Shortcuts and looks really sweet. Shortcuts are very simple, similar to bookmarks in your browser. Here’s how OpenDNS describes shortcuts:

You type something short and easy to remember into your address bar and you leap straight to where you want to go. There’s nothing to install and it works how you want it to, no matter which browser you’re using. Add, remove or change your OpenDNS shortcuts at any time.


Instead of going into any more detail about OpenDNS shortcuts, I’m gonna direct you over to Paul Stamatiou. Paul already has a great post with some screenshots and examples of shortcuts, go check it out.

WordPress 2.2 Adds Tags

The NeoSmart Files noticed the addition of native tagging support to WordPress 2.2 in the SVN repository. What’s this mean for WordPress bloggers? Not much really, other than the fact you’ll no longer have to use a third-party plugin for tagging your posts or pages.

This is great for WordPress, tagging is something I expected to see with the release of 2.0, but that didn’t happen. Tags are something bloggers really want, native tags will just make WordPress an even more attractive blogging platform.

I’m going to have trouble leaving the Ultimate Tag Warrior plugin behind in favor of the new tagging system in WordPress 2.2. Ultimate Tag Warrior has been so nice to work with and is pretty much the de facto WordPress plugin for tags. Ultimate Tag Warrior has some features not found in the tag system native to WordPress 2.2, such as tag suggestions. Also, Ultimate Tag Warrior allows you to apply tags you’ve used previously to a post via a select form, something not found in WordPress 2.2 tags. Hopefully the WordPress team has those features planned for inclusion at some point.

Anyway, head over to The NeoSmart Files for more, they have a screenshot comparing Ultimate Tag Warrior to native tags in WordPress 2.2.

Good Bye Spam Karma 2. Hello Akismet.

Done Using Spam Karma 2Spam Karma 2 has served my well over the last year or two. As you can see from the image, SK2 stopped 76,264 pieces of comment spam from being published. Before Akismet was around, Spam Karma 2 was the plugin most people went to for spam protection.

Since Spam Karma 2 hasn’t been showing any signs of life lately, I’ve decided to ditch it in favor of Akismet. I know for a fact Akismet is being actively developed. Also, I know for a fact that Akismet fully supports WordPress 2.1. I’m pretty sure SK2 isn’t fully WordPress 2.1 compatible. I’m not sure though, I say that because I thought I read of some WordPress 2.1 users having lots of problems with SK2. I could be way off though, I can’t find whatever it was I thought I was reading now.

Anyway, Akismet is now protecting this blog from comment spam. I’m not anticipating any problems, but who knows. If you have problems posting comments please get in touch with me via the contact form.