Thread: Wordpress 3.0 Released

WordPress has just announced the release of version 3.0

Unlike others I recommend that you DON'T UPGRADE your current version until 3.01 or 3.02 is out, but that's just my opinion, what do I know anyway...

ah! now I have to focus on the new documentations for themeing.. thanks for the update!

You're welcome!

I took a quit look at the "themeing" thing and didn't find anything relevant, yet I might be wrong.

It would be great if you could post about any blatant changes that might need to be done.

Originally Posted by Shenron

WordPress has just announced the release of version 3.0

Unlike others I recommend that you DON'T UPGRADE your current version until 3.01 or 3.02 is out, but that's just my opinion, what do I know anyway...

yah sure some bug with it
wait till stable version ...

Cant find any existing samples. I wana see what it looks like but dont want to install it yet lol

There are always bugs with the release of a new level of WordPress. 3.0.1 will probably be released within a couple of weeks.

I do have two new blogs to set up, so I will probably give it a test run sometime in the next week. Personally, I would never do an upgrade for an existing, successful blog until the bugs have been identified and worked out, but it would be much less risky to use it for a new site.

Any security fixes? I had three WP 2.92 blogs hacked over the weekend.

Originally Posted by bogart

Any security fixes? I had three WP 2.92 blogs hacked over the weekend.

What type of hack was it? Have you done anything to harden your WP installations?

Originally Posted by TopDogger

What type of hack was it? Have you done anything to harden your WP installations?

I'm not sure how they hacked in. The sql file wasn't affected.

I installed the wp-security-scan plugin and added a htaccess file in the wp-admin directory as well as updated all the plugins.

# no access in here!
order deny,allow
deny from all
allow from 67.83.18.153

Originally Posted by James Stein

WP Security scan does nothing for security... The .htaccess hack there means nothing, anybody can fake their ip

The WP Security Scan identifies areas that are likely points of attack. If you close those holes, you cut off about 95% of the common WordPress attacks. So, yes, it clearly does do something by adding security that did not exist before.

That particular .htaccess file contains a user IP address. It only allows a user on that IP address to access the admin area. A hacker would never know that IP address, and therefore could not fake it.

@bogart, if you think your server may have been compromised, be sure to change your FTP access passwords.

I have never had any of my web sites hacked, but I have always gone to great lengths to secure my sites and my servers. If you take all of the proper security measures, the weakest link tends to be the hosting company. I've seen situations where hundreds of sites on a major hosting company's servers were hacked because their security was the easiest to crack.

There are some good articles out there about hardening WordPress. Download this white paper. It is one of the best.

WordPress Security Whitepaper


.