WordPress 2.6 disables remote access, swats 194 bugs

WordPress, one of the fastest growing blog software providers, has shipped a new update with fixes for nearly 200 bugs and a major security-related change to disable remote publishing protocols by default.

With WordPress 2.6, the open-source software promises to be more secure out-of-the-box with full SSL support in the core, and the ability to force SSL for security.

Even more importantly, WordPress has disabled the Atom Publishing Protocol and the variety of XML-RPC protocols by default to shut down a potential security risk.

The software upgrade also comes with “a number of proactive security enhancements, including cookies and database interactions,” and about 194 bug fixes, some security-related.

WordPress lead developer Ryan Boren has published more details on SSL and cookie handling.

If you manage a WordPress blog, this should be considered an important update. You should also pay close attention to Matt Mullenweg’s security recommendations.

* Image source: Nikolay Bachiyski’s photostream (Creative Commons 2.0)

[Source: zdnet]