WordPress 2.0.6: CRITICAL Security Release

WordPress 2.0.6 was released today. This is a critical security release (There are at least two security flaws that I know of that were fixed in this version). I went ahead and upgraded all of our blogs successfully.

If you manage more than, say, 10 blogs then perhaps Brian Layman’s script will be useful for you. As I noted in his comments, I do something similar but in a different way. It took me 4 minutes and 15 seconds to upgrade all 181 blogs currently active or being prepped in our network.

Aaron Brazell

Aaron Brazell is a Baltimore, MD-based WordPress developer, a co-founder at WP Engine, WordPress core contributor and author. He wrote the book WordPress Bible and has been publishing on the web since 2000. You can follow him on Twitter, on his personal blog and view his photography at The Aperture Filter.

10 thoughts on “WordPress 2.0.6: CRITICAL Security Release

  1. Whoooooooooooosh. Over my head. Do you have any plans to write a more detailed tutorial how 181 blogs in 4 minutes 15 seconds can be ugraded? I know I would grateful :)

    I still have a few blogs at 1.5.2 version .. the rest range between 2.0.2 and 2.0.5. I’ve got 42 sites .. which has been taunting me just to wait until 2.1 version comes out of beta.

  2. Thanks for the link Aaron and thanks for looking over the script! I really appreciate it.

    Hart: Yeah, I tried to make that post daunting. I guess it worked! The final process isn’t bad. You download the script, edit the top lines to specify your 42 blog directories and their urls, and from then on it will take seconds to go to go through any upgrade. I just didn’t want to release it, and suddenly have 200 people coming after me for wiping their blogs. Heck, I didn’t want to have one person come after me… So I needed confident guru’s like Aaron to put their toes in water first.

    In any case, you REALLY want to update those older sites ASAP. I could demonstrate why, for you, by deleting a few of your posts for you if you like and you wouldn’t even be able to tell how it happenned. ;) Please see my A few words about the RISKS of WordPress 1.2, 1.5, 2.0 or anything less than 2.0.4 post if you’d like a much more wordy recommendation… The holes plugged by 2.0.6 are just as bad.

  3. uh .. thanks Brian, but I think I’ll pass on your offer to delete some of my older archives :) I believe you!

    For now = I do plan to upgrade the older versions .. I have to figure this out once they are all on the same playing level for future upgrades. I also have many plugins activated that some need upgrading to.

  4. Yeah, the plug in world has become soooo much better since 1.5 days but still there are some that require you to edit the core WP code.

    In that sort of a situation, scripts and automation aren’t that helpful unless you also script the process of updating editing the files too, and THAT’s tricky to do in a version generic way.

    The one good thing is that you won’t have to do a multi step upgrade. Every WordPress release is a cumulative upgrade. They’ve really done a great job in this area…

  5. “It took me 4 minutes and 15 seconds to upgrade all 181 blogs currently active or being prepped in our network.”

    Whoa! That’s sweet.

  6. Hi Matt!

    Perhaps I’ll post the script I use to do this though it’s nothing uber-magical. We have a central database that houses all kinds of info about our blogs and bloggers and so I get a list of URLs from it, do some matching against /etc/passwd where the comment field has the the domain and if it’s a match, I copy in from a depot with the current “image” of WordPress. I then use cURL to run the upgrade script and it’s off to the races.

    Additional bells and whistles include an array for plugins to remove and blogs that shouldn’t be upgraded (such as mine since I run 2.1).

  7. I did the upgrade again with the bugfix that failed to make it in to the original 2.0.6 and this time the upgrade took 6 minutes and 23 seconds. Oh well, you can’t win ‘em all. :)

Comments are closed.