As I pointed out in yesterday’s entry, I’ve spent the last few days focused on getting this blog back up to speed. And that served me well because after four weeks of uninterrupted sunshine it’s turned real wet around here. But things seemed to be looking up. I’d finally gotten the latest update to WordPress installed and felt good about that. The weather forecast called for a return to sunnier weather. So I’d planned on heading out to Belfair after I’d taken Skye for his morning walk.
I woke up to the sound of rain, heavy rain. The sky was so dark that there was no way I was going to drag my new lens outside. No Belfair. I wasn’t happy, but I figured if I’d managed to go months during the winter with rainy days I could manage to wait a couple days to get back outside.
The day got even darker, though, when I opened up my blog to find:
WordPress 2.8.4: Security Release
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
Once you’ve had your blog infiltrated by spammers and porn sequestered away on your site, you’re not going to let something like that happen again. Since I’d already backed up my files the day before, I got brave and decided to push the auto upgrade button, but got an error message that a file couldn’t be uploaded. I figured with that strong of a warning there was probably a high demand on their servers so I waited awhile and tried the button again. This time it did upgrade, but, as usual, it managed to write over my theme and rendered In a Dark Time into a very bright whitespace. By now, it’s relatively easy to reload my theme, activate it and delete the two included themes. I’m sure there couldn’t have been more than a dozen or so visitors bothered by the upgrade.
Since I had already spent much of the morning working on my site, I decided to work on it a little more, specifically following some of the recommendations of Lyndi at Nice2all for providing better security for your WordPress site and generally making sure it runs as smoothly and efficiently as possible. I’ve managed to flag several interesting articles from her site since I adopted her theme a while ago. As I get time, I try to follow her advice and make the upgrades she suggests.
Her instructions are clear and specific enough that I’ve been able to carry out all but one of them so far. I still haven’t gotten brave enough to change the MySQL files through phpMyAdmin. My guess is that will never get done unless the WordPress developers offer a way to do it automatically. Luckily, I still get a kick out of poking around under the hood, particularly since I seldom end up with a face full of oil when I make a mistake. It’s a great way to rediscover those magical words that make the air glow and make others give you a wider-than-usual berth.