
Update Your WordPress Installs!

Started by Xepher, January 03, 2018, 10:30:49 AM


Xepher

:UPDATE:

Well, it's more than a year later, and a lot of accounts have fallen out of date again. I've disabled these. If your site has a notice that your WordPress was out of date, email me and I'll unlock it, so that you can upgrade.

Note that the current version of WordPress is now 5.6.2.


:UPDATE:
Just as everyone seems to have finally been updated, WordPress goes and breaks their auto-update process.

https://wordpress.org/news/2018/02/wordpress-4-9-4-maintenance-release/

Everyone (in the world) needs to update manually and then make sure auto-updates are enabled again!


----
Over the New Year we had an account compromised (almost certainly through a MILDLY out of date WordPress install) and it was used to attack other servers, leading to a warning from my VM provider.

Going forward, I'm going to be requiring that all WordPress installs be maintained and kept up to date. To enforce this, I've written a scanner that will automatically find and check the version of any WP installs, and it will be emailing me any time someone is out of date. If you have WP on your site, please go update it NOW to at least version 4.9.1.

As WP is a very popular target, even an install a week out of date can be vulnerable, and so I will be disabling accounts if/when that happens. I've already disabled several, and sent emails of warning to many others. If your account was one that was disabled, email me, and I can release it and allow you to update things. Also, please make sure your offsite contact email is kept up to date so that I can contact you in cases like this. Too many times I have to resort to disabling accounts to get the owner's attention, and I'd prefer to avoid that.

Sorry to have to be so strict about this, but with the potential to leverage this server to attack remote targets, the threat is serious enough that I have no choice. If you have any questions or thoughts though, feel free to ask below, or contact me directly if you prefer.

Thank you all for understanding!
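A sketch of the kind of scanner the post above describes, added here as an example and not Xepher's actual code: it walks a directory tree, reads the `$wp_version` line that WordPress core keeps in `wp-includes/version.php`, and flags installs older than the 4.9.1 minimum named in the post. The account names, directory layout and the `scan`/`demo` function names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

MIN_VERSION = "4.9.1"  # minimum named in the post
# WordPress core records its release in wp-includes/version.php: $wp_version = '4.9.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def version_key(v):
    """'4.9' -> (4, 9, 0); a suffix such as '-beta1' is ignored for ordering."""
    nums = [int(n) for n in re.findall(r"\d+", v.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def scan(root, minimum=MIN_VERSION):
    """Walk root; return sorted (install_dir, version, status) tuples."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in filenames:
            continue
        dirnames[:] = []  # nothing below wp-includes is of interest
        try:
            with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                m = VERSION_RE.search(fh.read(65536))
        except OSError:
            m = None
        found = m.group(1) if m else None
        if found is None:
            status = "unknown"  # unreadable or altered file: review by hand
        elif version_key(found) < version_key(minimum):
            status = "outdated"
        else:
            status = "ok"
        results.append((os.path.dirname(dirpath), found, status))
    return sorted(results)

def demo():
    """Constructed sample tree: one current install, one old, one unparsable."""
    samples = {"alice/public_html": "<?php\n$wp_version = '4.9.1';\n",
               "bob/public_html/blog": "<?php\n$wp_version = '4.7.2';\n",
               "carol/public_html": "<?php\n// version line missing\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            inc = os.path.join(root, rel, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w") as fh:
                fh.write(body)
        return [(os.path.relpath(p, root), v, s) for p, v, s in scan(root)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Installs whose version line cannot be parsed are reported as `unknown` rather than skipped, since a missing or altered `version.php` is itself worth a manual look.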

Turnsky

Can attest this works. Just happened to check the forum, saw the message, went to check the site to update the WP install... lo and behold. :B

Xepher

Per the update above, I've again had to disable some accounts.