[Security] Outdated WordPress Notice


Tuesday, September 2nd, 2008 - Security

We have sent out notices to all of the accounts that we show as having outdated WordPress installs. You should have received one of these notices if you have an outdated WordPress script on your hosting account and if your contact information is up-to-date in our billing database. If you did not receive a notice and you think you might have an outdated install you can always submit a support request and have our technicians take a look at your account.

We have posted instructions for upgrading WordPress installs. You can follow these instructions if you want to upgrade your WordPress install to the latest version. The latest version at the time of this posting is 2.6.1. If you installed WordPress through Fantastico then you need to log into your control panel and use the Fantastico link and interface to update your WordPress to the latest version. If you installed WordPress through Fantastico and you try to update it through some other means then this could have potentially adverse affects on your hosting account and WordPress install.

I have also developed an experimental WordPress updater that I can run on your account to upgrade a given WordPress install. At this time the software is just experimental, but I am willing to try the software on your account if you want me to and if you are aware of the risks. The updater may cause your WordPress install to stop working, but I need to run the updater on some installs to figure out if there are any bugs or any ways to improve the system. If you want me to run the updater on your WordPress install just submit a support request ticket with your valid username and password information and a note containing what WordPress install to update and a note that you understand the risks involved. I will have to have the correct username and password of your account in order to validate that you are the true owner of the account before I can run the update. I also may have to turn away update requests through the WordPress updater if problems are encountered.

If you are not using the WordPress installs that are listed and you want them removed, you can submit a support ticket instructing us to remove the script. Again we need to know specifically what WordPress install to remove and the valid username and password for the account. Please Note, if you tell us to remove a WordPress script from your account then that script will be deleted and cannot be brought back. So if you tell us to remove a WordPress script from your account, you need to be sure that this is really the action you want to take.

Some of you may be running reasonably up-to-date WordPress scripts on your account and you may be safe from any major security exploit. However I still recommend that you upgrade to the latest version of WordPress, version 2.6.1. You just never know when a minor flaw may escalate to a major threat. One thing is for certain, if you are always running the most up-to-date version of any actively developed script then you know that you have done the most that you can do to keep your script and website secure.

Scott