WordPress 2.6 disables remote access, swats 194 bugs


WordPress to disable remote logins by default
WordPress, one of the fastest growing blog software providers, has shipped a new update with fixes for nearly 200 bugs and a major security-related change to disable remote publishing protocols by default.

With WordPress 2.6, the open-source software promises to be more secure out-of-the-box with full SSL support in the core, and the ability to force SSL for security.

Even more importantly, WordPress has disabled the Atom Publishing Protocol and the variety of XML-RPC protocols by default to shut down a potential security risk.

The software upgrade also comes with "a number of proactive security enhancements, including cookies and database interactions," and about 194 bug fixes, some security-related.

WordPress lead developer Ryan Boren has published more details on SSL and cookie handling.

If you manage a WordPress blog, this should be considered an important update. You should also pay close attention to Matt Mullenweg's security recommendations.

* Image source: Nikolay Bachiyski's photostream (Creative Commons 2.0)


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
