As with any technology that becomes popular, there are always people out there who decide to develop ways to attack, hack, exploit, and just plain break it! In my opinion, Apple will soon be facing this problem as well as Macs become more and more popular.

WordPress is no different, and with WordPress popularity growing at a fast pace and being so widely used, there have been some security breaches already performed.

The developers are trying their best to keep our WordPress homes as safe as possible, and an important step that you can take if you have a WordPress blog is to always ensure to update your installation when they release one of these newer versions.

The main updates are as follows:

* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.

If you have a WordPress blog that’s not on WordPress.com, it is recommended that you apply any and all updates as soon as possible to avoid any potential disruption that could be caused by any number of exploits that have been used recently, so if you haven’t done so yet, don’t even finish reading – my blog will still be here later – go update your WordPress installation immediately! As soon as possible! Right now! (Do you feel my sense of urgency yet?) Also, don’t forget to always backup your files and your database. There are two plugins that I recommend for backup.

WP DB Backup is a more basic and easy-to-use plugin that you can use to manually back up your database, or you can create a schedule to backup your database on a regular base (such as daily, or weekly, etc.).

WP DB Manager is another good plugin to use, and it does a lot more than just backup your database:

Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up and optimizing of database.

For more information on this latest security update, read the blog post on the WordPress.org Blog:

http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/

Related posts:

1. WordPress Security Tips: Avoid The Hackers Series (Part 1)
2. Differences Between WordPress.com and WordPress.org
3. Steps to Maintaining Your WordPress Site or Blog
4. PluginBuddy’s BackupBuddy Saved My WordPress Site!
5. WordPress Plugins: Friends or Foes?