Wordpress 2.8.4 was released yesterday (August 12, 2009) and if you haven’t upgraded your blog yet, you should do so ASAP.  You can upgrade to Wordpress 2.8.4 from your dashboard or download the latest version here.

There was a security vulnerability found in the previous Wordpress version that allowed people to use a special URL that could bypass the security for password resets.  In essence, this would enable a hacker to hit user accounts (like the admin account), reset your password, and have access to your blog.

Think it couldn’t happen to your blog?  It can – Robert Scoble’s site was hacked into yesterday.  Don’t let this happen to you!

We luckily upgraded all of our Wordpress sites when the release was announced and haven’t had any problems. 

Security Not a Drawback to Using Wordpress

Some people use security issues like yesterday’s as an excuse to not use Wordpress.  However, the window is very small between the time hackers discover a vulnerability and Wordpress finds out about it and creates a solidly tested solution.  The power of using an open source CMS with such collective knowledge going into its development really gives Wordpress users the blogging edge, with an extremely robust platform. 

To put it plainly, there is no better than Wordpress, so don’t let yesterday’s security issue scare you away.

Remember that Wordpress updates are critical for your security and should be installed as soon as you know about them.  You can keep informed of these updates by simply checking your Wordpress dashboard or following the Wordpress Blog.