WordPress.org just released the latest version of their popular blogging platform, WordPress. The new 2.8 version has quite a lot of new features compared to the previous 2.7.1 version.

WP 2.8 is a major update. It’s much faster than any of the previous versions because of a new way of scripting and lots of tweaks to the styling. One major update is the way themes can now be installed. Remember when WordPress 2.7 brought installation of plugins from within the admin menu? We can now install themes in pretty much the same way. Just browse or search for the theme, and hit install.

Here are a few highlights of the changes in the new version:

• New drag-and-drop widgets admin interface and new widgets API
• Syntax highlighting and function lookup built into plugin and theme editors
• Browse the theme directory and install themes from the admin
• Allow the dashboard widgets to be arranged in up to four columns
• Allow configuring the number of items to show on management pages with an option in Screen Options
• Support timezones and automatic daylight savings time adjustment
• Support IIS 7.0 URL Rewrite Module
• Faster loading of admin pages via script compression and concatenation

The full list can be viewed here. Download WordPress 2.8 here, or you can just upgrade from within the Admin menu by going to Tools->Upgrade.

WordPress follows the Open Source policy of release early, release often. While this is a pretty good thing – you get fast releases to security exploits and loads of new features – but updating can be a rather problem, especially so if its something as important as your site’s CMS.

Fortunately Keith D’Souza has written a VERY NEAT plugin – WordPress Automatic Upgrade Plugin which makes it a painless affair to upgrade your WordPress installation. WordPress Automatic Upgrade updates WordPress installation in a step by step manner.

Read more…

The good people over at WordPress released WordPress 2.6.2 today. And unlike the previous 2.6.1 release, this release is a mandatory release, to fix a loophole which occurs if your blog has registrations open.

From the horse’s mouth:

If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

So if you want your blog to remain harmless, upgrade to 2.6.2 ASAP! Hey if you don’t know how to upgrade, don’t sweat! Here’s an easy and harmless way to upgrade your WordPress installation