As you know I’m a HUGE fan of using Worpdress as a website Content Management System (CMS). One reason is the convenience it provides to small business owners and their staff. In addition to all of the ‘ease of use’ features there is also the ease of updating the “system”, that is the WordPress platform itself. These updates are offered from time to time to fix bugs, enhance security, etc.

WordPress recently announced its new version. 3.5.2. This is the second maintenance release of version 3.5 and WordPress is “strongly” encouraging users to update their site. If you have not yet updated your WordPress installation I suggest you do it right away.

The following security issues have been addressed in WordPress 3.5.2. 

  • Server-side request forgery attacks that could provide attackers with access to the site.
  • Contributors can no longer publish posts improperly.
  • The SWFUpload library has been updated that fixes several cross-site scripting vulnerabilities.
  • Blocking denial of service attacks against sites that use password protected posts.
  • An update to TinyMCE fixing a cross-site scripting vulnerability.
  • Multiple cross-site scripting vulnerability fixes.
  • Full path not disclosed when uploads fail.

Another 12 maintenance-related issues have been fixed in this release. You can find more information on them at WordPress tracker.

The update will probably go through without issues for most websites. We’ve updated 9 websites so far without incident. All plugins, the theme and the site’s functionality worked just like before. However, it is still recommended that site administrators backup their database and files before applying the update so it can be rolled back if there are issues. Here are the recommendations on backing up your database and files.

The update can be applied directly from the administrator’s dashboard if the website has been configured this way, or download it from the official website instead to update WordPress manually.

If you have a WordPress website and need assistance updating your website with this new version please contact me anytime. I’ll be happy to help. If you have questions about converting your website to WordPress let me know and I’ll answer your questions. 541-482-4840