WordPress 2.6 Released

Posted by Philipp

July 21, 2008

WordPress 2.6 is now available. We have mentioned from of the security improvements in an earlier post. The latest version promises a number of security enhancements as follows:

XML-RPC is turned off by default, but is easy to turn on again. Historically, attacks were possible through the XMLRPC services. We don’t know how many bloggers use the XMLRPC services (i.e. blogger clients), however, we think this will improve the security by limiting exposure.
Full SSL Core Support. This means no plugin is needed, it’s even possible to force an SSL connection.
Improvements around session and database management.

This new version also fixes over 194 bugs and the user interface is apparently more user-friendly.

Sounding good so far? The biggest improvement from our point of view is the version control around content management. It’s now to track co-author changes.

The full package can be gained as usual from the official download page.
But as with every new major release, we recommend you wait for the first minor update as new features may present new security holes, as experience has shown.

We are still waiting for WordPress to perform a full code review and application security test. We really think this will be beneficial to both the user and WordPress.

News, WordPress

Random Posts

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments

Comment by Gareth Heyes on July 22, 2008 @ 9:17 am

XML-RPC is only off by default for new installations. Any upgrades will retain the current setting.

Comment by Philipp on July 23, 2008 @ 12:42 pm

Correct, thanks for mentioning this Gareth. So everyone who, doesn’t need XMLRPC, is updating to WP 2.6 should disable this feature, for security reasons.

Comment by Abel Cheung on July 30, 2008 @ 10:20 am