Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 15th, 2008

New Features, Security Improvements And Above 194 Bugs Fixed In WordPress 2.6

WordPress has shipped a new version, 2.6, with fixes for almost 200 bugs and a major security-related change to disable remote publishing protocols by default. WordPress 2.6 is supposed to be more secure by default after fresh installation, includes SSL support and the ability to force SSL for security. In the new version the Atom Publishing Protocol and the variety of XML-RPC protocols are disabled by default to shut down a potential security risk.

Here is a list of changes and improvements as it was posted on WordPress website:

Post Revisions: Wiki-like tracking of edits

Press This!: Post from wherever you are on the web

Shift Gears: Turbo-speed your blogging

Theme Previews: See it before your audience does

Word count! Never guess how many words are in your post anymore.

Image captions, so you can add sweet captions like Political Ticker does under your images.

Bulk management of plugins.

A completely revamped image control to allow for easier inserting, floating, and resizing.

It’s now fully integrated with the WYSIWYG.

Drag-and-drop reordering of Galleries.

Plugin update notification bubble.

Customizable default avatars.

You can now upload media when in full-screen mode.

Remote publishing via XML-RPC and APP is now secure (off) by default, but you can turn it on easily through the options screen.

Full SSL support in the core, and the ability to force SSL for security.

You can now have many thousands of pages or categories with no interface issues.

Ability to move your wp-config file and wp-content directories to a custom location, for “clean” SVN checkouts.

Select a range of checkboxes with “shift-click.”

You can toggle between the Flash uploader and the classic one.

A number of proactive security enhancements, including cookies and database interactions.

Stronger better faster versions of TinyMCE, jQuery, and jQuery UI.

Approximately 194 bugs fixed.

WordPress blogs owners should consider to download this important update since many of the bugs in older versions are abused by spammers or leave the blog vulnerable to hackers.

Share this item with others:

More on CyberInsecure:
  • WordPress Multiple SQL Injection Vulnerabilities
  • XSS Flaw Fixed In Latest WordPress 2.6.5
  • WordPress Cookie Integrity Protection Allows Unauthorized Access
  • WordPress Parameter Directory Traversal Vulnerability
  • WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: New Features, Security Improvements And Above 194 Bugs Fixed In WordPress 2.6

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.