Thu 23 Mar 2006
Matt Mullenweg, Lord of the HTTP
Following Civilunrest’s lead, I’ve upgraded my version of WordPress.
According to WordPress.org, the vulnerabilities in previous versions of WordPress involve cross-site scripting (XSS).
The newest version of WordPress also disables embedding/executing JavaScript code in a post (but obviously you can use JavaScript in your templates).
Specific vulnerabilities exist in WordPress 2.0.1 and lower.
These prompted the release of WordPress 2.0.2; if you are using an older version, it is a good idea to upgrade.
Suggestion: I recommend that people REFRAIN FROM showing the version of WordPress they are using on their site. For example, at the bottom, DON'T link to “Powered by WordPress x.xx.x”; just link to “Powered by WordPress”.
Reason: If a vulnerability is detected in your particular version of WordPress, hackers could easily discover your site by googling for “Powered by WordPress: specific.version.no”.
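An added example (not part of the original post): a Python check a site owner can run over the rendered HTML of their own page to confirm that no WordPress version number is exposed. It goes beyond the footer text mentioned above and also inspects the meta generator tag raised in the comments; the function names and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Matches "WordPress 2.0.1", "WordPress: 2.0", "WordPress v2.0.2" and similar.
VERSION_RE = re.compile(r"wordpress\s*:?\s*v?(\d+(?:\.\d+)+)", re.IGNORECASE)

class _LeakFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.leaks = []   # (where, version) tuples
        self._skip = 0    # nesting depth inside <script>/<style>
        self._text = []   # visible text nodes, in document order

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = VERSION_RE.search(a.get("content", ""))
            if m:
                self.leaks.append(("meta generator", m.group(1)))
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self._text.append(data)

def find_version_leaks(html):
    """Return (location, version) pairs for every exposed WordPress version."""
    p = _LeakFinder()
    p.feed(html)
    p.close()
    # Join text nodes first so "Powered by <a>WordPress</a> 2.0.1" is caught.
    visible = " ".join("".join(p._text).split())
    p.leaks += [("visible text", v) for v in VERSION_RE.findall(visible)]
    return p.leaks

# Constructed sample pages: one discloses the version twice, one does not.
LEAKY = ('<html><head><meta name="generator" content="WordPress 2.0.1" /></head>'
         '<body><p>Hello</p><div id="footer">Powered by '
         '<a href="http://wordpress.org/">WordPress</a> 2.0.1</div></body></html>')
CLEAN = ('<html><head><title>Blog</title></head><body><div id="footer">Powered by '
         '<a href="http://wordpress.org/">WordPress</a></div></body></html>')

if __name__ == "__main__":
    print(find_version_leaks(LEAKY), find_version_leaks(CLEAN))
```

A post that merely mentions a version number in its text is flagged too, so review each hit before changing the theme.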
Random cool Links of the day:
$150,000 porsche watch
Southpark LOTR (really funny!)
March 23rd, 2006 at 10:24 am
Hey good to hear. Maybe also you can disable the meta generator tag that goes
Sumna Inc » Upgrading WordPress..
I also have it on. Maybe I’ll remove it. Just a thought.
(http://www.civilunrest.biz/)
March 23rd, 2006 at 10:45 am
Ah yes. Wonder where that is stored.
Gosh, that never occurred to me. I wonder if removing the meta generator would have any side effects. Hopefully it’s just used for search engines.
I guess we can’t truly hide what version of WordPress we are using, best thing is to upgrade whenever a serious vulnerability is announced.
Ironically, the more advanced any software is, the more it is likely to contain bugs/weaknesses. Of course, WordPress is extremely stable, likely the best CMS system on earth.
(http://www.sumna.com)
March 23rd, 2006 at 11:33 am
also, your theme seems to be broken on Firefox. The background stops flowing after the header, though it shows up on IE
(http://indi.ca)
March 23rd, 2006 at 1:12 pm
I know indi
tried everything can’t seem to fix it..
the code seems OK (validates XHTML)
thanks
(http://www.sumna.com)
March 23rd, 2006 at 10:46 pm
Exactly how important is it to upgrade? Can’t I wait until 2.1, at least?
It just seems like such a hassle to upgrade.
(http://mahamoor.com)
March 24th, 2006 at 5:42 am
Yo, I’m sorry to tell you that it IS really important you upgrade. The good news is, upgrading is extremely simple, and takes a few seconds in ideal circumstances.
If you have telnet access to your server, all you have to do is untar the upgrade file over your existing directory. (But first it’s important you back up your database for safety.)
Also, um, you should follow WordPress’s four step upgrade procedure; lastly you have to run the file upgrade.php, which doesn’t do a lot except cheerfully tell you that you are ‘done’.
All in all, this was one of the quickest upgrades I’ve ever done, and um, sorry to say, but it is necessary.
(http://www.sumna.com)
March 26th, 2006 at 9:49 pm
Aight.
Thanks Dude - will get round to it as soon as I can.
(http://mahamoor.com)
March 28th, 2006 at 3:08 am
I sent Matt this link over IRC, and we all had a good laugh over it.
Lord of the HTTP, roflmao.
(http://mahangu.org)
March 28th, 2006 at 10:22 am
Thanks man. Hope he didn’t think I was being sarcastic, I sincerely meant that as a compliment.
Matt achieved what I’ve always dreamed of: an almost perfect CMS/Blogging engine. He truly conquered HTTP, and made it such that ordinary people could, well, generate prose.
I wrote my first blog system in 2000. I never knew what a blog was, nor did I know what to call it. I just knew that I thought that a system that let people write online diaries would be cool. I took a primitive CGI diary script and modified it so people could register, and they would get a private URL (xyz.com/you) and log into that and write, with no knowledge of HTML.
My dream now is to design the next generation of CMS. I am aiming for something that is hopefully as simple and easy to use/install as WordPress, and yet, as flexible.
(http://www.sumna.com)