Yesterday WordPress 3.6.1 was released. Here are the details from WordPress.
WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
- Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
Don’t Forget to Do the Backup
Before doing any updates backup your site. I use the WP-DB-Backup plugin.
Problems After the Backup?
Most of the time the backup will literally take about two minutes and there will be no problems at all. In those few instances were there are issues:
- Disable plugins one at a time to see if that clears things up. If a plugin is incompatible with a WordPress upgrade then see if there’s an update for the plugin. If there isn’t, email the developer of the plugin and ask for help. Honest. Most plugin authors are happy to help.
- If the plugins aren’t causing the problem then the next issue to look at is the WordPress theme. Try switching to one of the default WordPress themes to see if the problem goes away. If it does then check for a theme update.
You can also have me look at the issue. Feel free to contact me if you have problems after a WordPress upgrade. And if you’re too busy to deal with this, I’m offering an inexpensive WordPress upgrade/update service.
Speaking of WordPress
I’m busy working on a new, WordPress-driven version of this website. Stay tuned . . .