WordPress 2.8.5 has just been released. The main additions are security tweaks, which makes the update a must download. The updates in this release include:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
The WordPress crew is also recommending users download the WordPress Exploit Scanner plugin to search for any exploits that might be installed on your server. We use the exploit scanner on several of our sites and it’s a good step to take to harden your WordPress installation for security.