Earlier today WordPress found some malicious codes in several popular plugins, namely AddThis, WPtouch, and W3 Total Cache. These malicious codes may run as cleverly disguised backdoors on your blog, which is dangerous!

Therefore, WordPress urged all WP blog users who have these plugins installed or upgraded recently to reset your password immediately. Do not use the same password as the new password!

To reset the user’s password in your blog is easy. There are 2 ways to reset the password :-

1. Reset in WP Admin Panel

• 1. In the Admin Panel menu, go to Users.
• 2. Click on your username in the list to edit.
• 3. Scroll to the bottom to the New Password section and type in a new password in the two boxes provided. The strength box will show how good (strong) your password is.
• 4. Click the Update Profile.

2. Reset without login to WP Admin Panel

• 1. Go to your WordPress Login page.
• 2. Click on lost password.
• 3. Enter your user name and the email address on file for that account.
• 4. The new password will be emailed to your email address.

Meanwhile, all password at wordpress.org were forced-reset so you’ll need to request for the new password to be sent to you in case if you need to login to wordpress.org.

The long-awaited WordPress 3.1, codename Reinhardt, is finally released today. This latest version is immediately available for upgrade in the control panel (under Updates) as well as for download on wordpress.org.

There were more than 820 issues fixed in this latest release and therefore certainly improved the performance and stability. Below are the notable highlights of WordPress 3.1 :-

• Internal Linking – click a button for an internal link and it allows you to search for a post or browse a list of existing content and select it for inclusion.
• Admin Bar – contains various links to useful admin screens. By default, the admin bar is displayed when a user is logged in and visiting the site and is not displayed in admin screens for single blog installs. For multisite installs, the admin bar is displayed both when visiting the site and in the admin screens.
• Streamlined Writing Interface – new users of WordPress will find the write screen much less cluttered than before, as more of the options are hidden by default. You can click on Screen Options in the top right to bring them back.
• Post Formats – meta information that can be used by themes to customize presentation of a post. Read more in the article Post Formats.
• Network Admin – move Super Admin menus and related pages out of the regular admin and into a new Network Admin screen.
• List-type Admin Screens – sortable columns for list-type screens and better pagination.
• Exporter/Importer Overhaul – many under the hood changes including adding author information, better handling for taxonomies and terms, and proper support for navigation menus.
• Custom Content Type Improvements – allows developers to generate archive pages, and have better menu and capability controls. Read more in the article Post Types.
• Advanced Queries – allows developers to query multiple taxonomies and custom fields.
• Refreshed Blue Admin Color Scheme – puts the focus more squarely on your content.

So all WordPress users, it’s time to upgrade again. :)

WordPress has just released the latest version 3.0.2 to fix a few critical vulnerabilities :-

• Fixed moderate security issue where a malicious Author-level user could gain further access to the site.
• Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
• … and more.

Files affected in this upgrade are :-

• wp-includes/ms-files.php
• wp-includes/version.php
• wp-includes/comment.php
• wp-includes/functions.php
• wp-includes/load.php
• wp-includes/canonical.php
• wp-includes/capabilities.php
• readme.html
• wp-admin/includes/plugin.php
• wp-admin/includes/file.php
• wp-admin/includes/update-core.php
• wp-admin/plugins.php

This update is a mandatory security update, so an upgrade from any older version is highly recommended. Just go to your WordPress Dashboard > Update, select “Upgrade Automatically” or “Download 3.0.2” to manually update the files listed above.

Cheers!

If you are a iPhone user and have a WordPress blog, either self hosted or at wordpress.com, you may want to check out this custom version of WordPress for iPhone. The 2.0 version had just been released early this month, below is the latest release of its introduction video :-

In case you are already using an older version of WordPress for iPhone prior to this 2.0 version, you may want to install this latest version from AppStore. WordPress for iPhone 2.0 was released as a new app instead of an upgrade version because the previous version was developed by a contract developer.

Have more questions about WordPress for iPhone in your mind? Check out their FAQ page. A support forum is there for you in case you need any support.

Now we have WordPress for iPhone and WordPress for Blackberry available, I’m wondering is there a development going on for Symbian S60v5? My Nokia N97 deserves some awesome app like this! :)

WordPress has just released a new version 2.8.6 to fix 2 critical vulnerabilities :-

• 1. XSS (cross-site scripting) vulnerability
• 2. Problem with sanitizing uploaded file names that can be exploited in certain Apache (web server) configurations.

XSS vulnerability basically means it allows an attacker to run malicious code right from the webpage of your website which has this vulnerability. So, it can be very dangerous.

On top of that, you have another good reason to upgrade if your server is running on Apache web server because of the 2nd vulnerability.

Therefore, login to your blog now and upgrade it as soon as possible. You are just one click away from running a more secure WordPress version by using the built-in auto-upgrade feature.

WordPress has released its latest version WP2.8.5 today. This latest version consists of several security improvements, therefore it’s recommended to upgrade your blog so that it’s up-to-date and as secure as possible.

The headline changes in this release are:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

You may not see this upgrade notice in your WP dashboard as usual once you login. It’s not visible at the time of writing, but this upgrade is available under Tools > Upgrade. Just select “Upgrade Automatically” or “Download 2.8.5” and upgrade it manually will do.

WordPress has made upgrading so easy and fast, I’m loving it.