Staying updated and current with wordpress releases is always a good thing and highly recommended. And hot on the heels of 2.8.3 is yet another security release 2.8.4 which is being made available to all as I type this. I have just upgraded this blog and all is good

2.8.4 addresses a security vulnerability discovered a couple of days ago -

A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

As always you are highly advised to upgrade as soon as possible to avoid such nuisance. And once again is a reminder to follow the upgrade procedures in order to avoid having a botched up upgrade.

1. Backup your core wordpress files – especially the wp-content folder and your wp-config.php file.
2. Backup your database – either by using the phpMyAdmin interface or the wp-db-backup plugin.
3. Deactivate all the plugins – this is as import as the 2 teps above, failure to do so me cause severe malfunction of the upgrade and a whole load of heartaches for some.

Once all 3 steps have been taken care of you can go ahead and upgrade using the automatic upgrade facility – the link should be at the top of your admin dashboard. If not then navigate to Tools>>Upgrade and all should be ok.

Should you run into difficulties or are faced with a botched up upgrade, we are at hand to a helping hand. Let us know by leaving a comment or use the contact us form – all written advice via email or comments are free of charge. If you require a hands on assistance there will be a nominal fee charged, contact us for details.