Yesterday, June 21, 2013, WordPress 3.5.2 was released for public download. This update is a minor maintenance release fixing 12 bugs in WordPress 3.5 and 3.5.1. It is mainly a security release and you should not wait too long to upgrade your blog. In fact the WordPress team “strongly encourage you to update your sites immediately”. The update includes 7 security fixes that you don’t want to miss.
Upgrading to WordPress 3.5.2
The upgrade procedure is very simple, but as always when upgrading a WordPress blog, remember to do a full backup of both files and database, just to be sure. I have already upgraded this blog and had no issues in the process at all.
The 7 security fixes included
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
- Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
- Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk.
WordPress websites targeted by hackers
If you don’t think you should upgrade your WordPress blog now, you might want to check out this article from BBC News. WordPress blogs have been targeted by hackers and botnets big time so far in 2013, and personally I have seen more than 100 failed login attempts on my little blog for the last week. If your blog is up to date, the hackers might go for someone’s blog that is not 😉
When are you going to upgrade to WordPress 3.5.2?
How about you? When are you going to upgrade your WordPress blog? Are you a first mover or are you waiting to see some feedback from other bloggers first?
WordPress blogs are a hacker’s favorite…one of mine actually got hacked last year.
Hi Frank
It really is something that all WordPress blog owners should be taking very seriously. There are a lot of hackers out there that would love to take down our blogs.
Hi Thomas, it always amazes me how fast WordPress can spread the word about a new version. They have so much social media power it blows my mind. I did the update without issues and I always look forward to the new features added.
Hi Brian
The word is spreading pretty fast on the Internet, but more than 50 million blogs are running WordPress, so there are a lot of people that care about it 🙂
Imagine that kind of power and authority? Must be nice no one in the world has that, perhaps Google but that’s it.
Hello Thomas,
We have already updated WordPress 3.5.2 but I don’t know about benefits of this version. But after reading your article I got my answer.
Thanks for this informative post.
You are welcome Rajesh
For security reasons I will upgrade my WordPress blog to version 3.5.2. Hoping it will make never lasting security shield for my blog.
I think that will be a good decision. A lot of hackers out there are trying to hack WordPress blogs around the world.
Nice article. I haven’t updated WP yet, I am still pretty new at this, so I will do this as soon as possible. Thanks for the interesting article.
Hi Ralph
You should upgrade Ralph, a lot of WordPress blogs are getting hacked every day. Remember to make a good backup before you start just in case something goes wrong.