2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
Go ahead and download the upgrade as soon as you can. If you have a few blogs to upgrade, there are only six new files so it’s easy to do:
I get asked this question a lot, but you’ll find it’s quite easy to do. ”How do I link to another site from inside a blog entry?” Below a short video to show you how:
As reported on my SEO blog, the first RC for WordPress 2.8 is out. I just upgraded this blog from 2.7.1 to this Release Candidate and it was a very smooth, quick update.
We’ve had a few people ask the very basic question: “how do I login?”
It seems easy, but if you’re new to WordPress and you switch to a theme that doesn’t include the meta information on the site, you might not be able to remember. All you need to do is simply visit your blog homepage and put “/wp-admin” at the end of the URL.
For example, if your blog is “myawesomeblog.com”, then it’d be “myawesomeblog.com/wp-admin”. If you blog is in subdirectory, like “myawesomesite.com/blog”, then you’d put the wp-admin after the directory, like “myawesomesite.com/blog/wp-admin”.
If you’re somehow still confused about that, here’s a short video that I hope helps.
Welcome to the WordPress help blog. We’ll be posting screenshots and video tutorials to help you as you learn to use WordPress. If you have a specific question, please use our contact form and we’ll help you out. Thanks!
