WordPress 3.0.2 released

WordPress has released version 3.0.2 to address a privilege escalation user  for users having author access.   Upgrading is recommended by the vender even if you don’t have untrusted authors.

The upgrade went smoothly on this blog.  But on another blog, the update didn’t complete and the blog was stuck in maintenance mode.   After taking care of that (delete .maintenance), I had to reinstall the update.   I found not every file was updated successfully on the first attempt.

As always with WordPress updates, take a backup, and disable all plugins before the update.

After the update, you’ll want to review any security steps you’ve previously done.   The update added a readme.html back to the root directory.   Most recommend deleting that as it contains the WP version.  In my case there are many other areas where the version is leaked so I don’t think that is such a big deal.   Just always update when a new version is out.


      • I am curious do you always disable the plugins prior to an upgrade as recommended? I was thinking about testing not doing it on a test site to see if it has any negative results and to help get some idea of which plugins might not be compatible yet.

        • On my very first WP upgrade, it looked to me like the WP firewall thought it was being attacked and I got stuck in maintenance mode. Although to be fair, on updates since I’ve ended up with a update that didn’t complete even when all plugins are disabled.

          WP makes it easy to restart plugins that were stopped recently, so its only a couple of clicks to disable the plugin. So I dont see a lot of risk in disabling plugins before updating.

Comments are closed.