WordPress 3.1.2 Upgrade: What are the information security implications?

I logged into the WordPress admin panel today and noticed it is once again time to consider when to apply the latest WordPress version update. A quick scan of the update shows it is a very minor one with nothing standing out from either a functionality or security perspective that makes a quick upgrade a necessity.

My typical recommendation is to wait about 2 weeks before applying a WordPress version update unless there are some high-risk security vulnerabilities mentioned in the release. You can feel safe allowing at least a two-week burn-in for WordPress 3.1.2 at this point to allow any bugs to be detected and resolved without you playing the role of guinea pig.

Security Details of WordPress v3.1.2

The only element mentioned in the WordPress v3.1.2 upgrade summary is related to a vulnerability in the contributor access permission around post publishing abilities. The contributor role already has a good bit of posting privilege, so this seems very minor from a security standpoint.

Fixes a vulnerability that allowed Contributor-level users to improperly publish posts. (r17710)

WordPress version upgrade best practices

  • Apply all plugin updates prior to updating the WordPress version.
  • Take a full backup of your entire site prior to the update (a good precaution even though 99 times out of 100 the update is painless).
  • Apply the update at an off-peak time when your usage base is smaller and you or your technical resource would be available for troubleshooting if a restore were required.

If you require WordPress backup guidance consult this additional material.
