WordPress 3.5.2 has been released. It’s a maintenance release, including a number of important security fixes, as described here. I’ve run the automatic upgrade on 5 blogs and it went through with no problems.
It includes loads of security features, including the big ones mentioned in the recent attacks:
Of the 5 blogs I manage, 4 worked straight off with this plugin. Unfortunately, one required a few attempts, so remember to take filesystem and database backups before you start or you may not end up in a happy place.
Over the week since activating the plugin I’ve been quite interested/scared by the results. I’ve been getting several emails a day telling me of user lockdowns due to attempted brute force attacks originating from USA, Russia and the Netherlands.
If you have a self-hosted WordPress installation, you really need to take some basic steps to stop yourself becoming a victim. There are a number of security plugins available, which I’m sure work equally well, but I only have experience of this one.
Assuming my current WordPress prefix was “wp_” and I wanted to change it to “banana_”, then I would do the following…
Take a backup of your database and file system. Remember, if you screw up and trash your blog you will thank yourself for the extra time you spent doing this!
Amend the “$table_prefix” setting in the “wp-config.php” file.
$table_prefix = 'banana_'; // Only numbers, letters, and underscores please!
Rename all the tables, swapping the “wp_” prefix with “banana_”. For example, the following statement would rename the “wp_comments” table to “banana_comments”.
RENAME TABLE wp_comments TO banana_comments;
Perform the following updates.
UPDATE banana_options SET option_name = 'banana_user_roles' WHERE option_name = 'wp_user_roles';
UPDATE banana_usermeta SET meta_key = 'banana_capabilities' WHERE meta_key = 'wp_capabilities';
UPDATE banana_usermeta SET meta_key = 'banana_user_level' WHERE meta_key = 'wp_user_level';
UPDATE banana_usermeta SET meta_key = 'banana_autosave_draft_ids' WHERE meta_key = 'wp_autosave_draft_ids';
If you don’t do these updates, the blog will work, but when you try to access the admin site you will be greeted with a message saying,
You do not have sufficient permissions to access this page.
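The rename and update steps above only work if every prefixed table and key is covered, so the following added example (not part of the original post) generates the RENAME statements for all tables and then checks for leftovers. It assumes MySQL or MariaDB and that the WordPress schema is the session's default database; the "wp_" and "banana_" prefixes are the ones used in the post.

```sql
-- Assumptions (not from the original post): MySQL/MariaDB, and the WordPress
-- schema has been selected as the default database for this session.

-- 1. Generate one RENAME TABLE statement per table carrying the old prefix.
--    Review the output, then run the generated statements.
--    '\_' matches a literal underscore; a bare '_' in LIKE matches any character.
SELECT CONCAT('RENAME TABLE `', table_name, '` TO `banana_',
              SUBSTRING(table_name, CHAR_LENGTH('wp_') + 1), '`;') AS rename_stmt
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND table_name LIKE 'wp\_%'
ORDER BY table_name;

-- 2. After running the renames, this should return no rows.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND table_name LIKE 'wp\_%';

-- 3. After running the UPDATE statements from the post, list any keys that
--    still start with the old prefix. Review each row: only keys that
--    WordPress derives from the table prefix need renaming.
SELECT option_name
FROM banana_options
WHERE option_name LIKE 'wp\_%';

SELECT DISTINCT meta_key
FROM banana_usermeta
WHERE meta_key LIKE 'wp\_%';
```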