Wordpress 2.8.5

Peter Westwood announced it in a post on the official Wordpress blog, explaining that the staff identified a number of security hardening changes that were worth back-porting to the 2.8 branch (instead of an immediate release of 2.9). Upgrade is very quick and easy with automatic feature recently released.

The headline changes in this last release are a fix for the Trackback Denial-of-Service attack that is currently being seen; the removal of areas within the code where php code in variables was evaluated; switched the file upload functionality to be whitelisted for all users including Admins; the retiring of the two importers of tag data from old plugins

Peter Westwood recommends to upgrade to this new version to have the best available protection.He also invites to “take a look at the WordPress Exploit Scanner.  This is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.  You can read more about this plugin here – “WordPress Exploit Scanner“.

I made exactly what he suggested: after the download I installed the plugin and launched it, but it doesn’t seem to work: after a long while a white page appears and no informations at all.