We’ve just upgraded all of our WordPress blogs to WordPress 3.3.2,. Assuming you’ve kept up to date, the upgrade is very minor . The changes between 3.3, 3.3.1 and 3.3.2 are predominantly security related, and shouldn’t cause any issues with themes or plugins. To be clear, there aren’t any major security issues to be concerned with here, but moving up to 3.3.2 (if we were back at 3.3) addresses the following issues:
- Potential cross-site scripting vulnerability on WordPress sites configured directly by IP address.
- A couple of other potential cross-site scripting / redirect issues.
- Potential issue with privilege escalation for admin users in WordPress networks.
- Plupload issue – the code WordPress uses to upload files.
- SWFUpload issue – the old code WordPress used to upload files.
- SWFObject issue – code used to embed Flash content.
While we are on the topic of upgrades, WordPress 3.4 is just around the corner (currently in beta). The upcoming release features a number of enhancements to internationalization functionality, particularly of interest for non-English WordPress users, new features for theme designers (child themes and configuration for headers and backgrounds), and a number of performance enhancements and API tweaks, which will need a fair bit of testing with older plugins and themes before sites can be upgraded.
As ever, always keep regular back ups of your blog – you don’t want to lose any of those hard written posts, hard-earned comments or those pictures, videos and links you spent hours curating. For our business blogs, we back up databases nightly, and keep a rolling archive. Uploads and other content are mirrored to our standby servers in real-time. If you can’t afford that sort of protection, then at least take an export of your blog once every few posts, and do keep a local copy of any images or other files that you upload. And, of course, always do a full back up before any upgrade or adding plugins.
Happy, and safe, blogging!