Security Updates - Please report issues!

Date January 9, 2008

We discovered an exploit in the version of Wordpress we were running, so to keep you all safe we decided to go ahead and upgrade you to a newer version that did not have the problem.

Due to the customizations you all have done on your sites, I can’t guarantee you won’t experience problems, but I can guarantee that I’ll work to see that any issues you are having are resolved as quickly as possible.

You can submit issues here: http://www.mykansaslibrary.org/i-need-help

Please be sure to explain as thoroughly as possible what your issue is, what is missing or additional, and “how it used to look.”

That said, if you’re seeing one of the following issues, try these instructions before getting in touch. May just save us all a ton of time. :)

ISSUE: My widgets have gone funny or my site doesn’t look right!

Not seeing the usual sidebars? The widget interface looks right but the widgets aren’t being displayed? Try this:

  1. Log in to the admin panel
  2. Click on Plugins
  3. Deactivate the “Activate All” plugin, if it is activated (green)
  4. Deactivate the “Wordpress Widgets” plugin if it is activated (green)
  5. Check your site, the widgets/sidebars should be back to normal.

This happens because some of the sites were on a version that still required the widgets plugin, which the newer version has built in. Deactivating the Widgets plugin usually fixes the problem.

ISSUE: Database error that references Subscribe2 when posting.

If you see a problem that references subscribe2, like the following:

WordPress database error: [Table 'frankfort.wp_subscribe2' doesn't exist]
SELECT email FROM wp_subscribe2 WHERE active='1'

Do the following:

  1. Log into the admin interface
  2. Click on the plugins menu
  3. Deactivate “activate all” (it will be green if active, white if inactive)
  4. Deactivage “subscribe2″ (it will be green if active, white if inactive)
  5. Drop me an email or submit a request through this site that you want to have the new version.

ISSUE: You have permalinks enabled, but you are getting numbered urls (or, your pages don’t work)

  1. Log into your admin interface.
  2. Click on Options.
  3. Click on Permalinks.
  4. If you have your pages listed as http://your.url.org/pagename, the bottom radio button should be checked.
  5. Click “Update Permalink Structure”

ISSUE: I can no longer upload plugins or themes.

In the course of the events that precipitated this update, we discovered that it was actually a couple of the plugins that were allowing the bad people to deface our sites. In order to mitigate this threat (in addition to bringing the sites up to date on their Wordpress version) we have removed this functionality. As a work around, you can download the theme and email it to lrea at nekls.org, including which site you would like to add the theme to (your URL, i.e. yourtown.mykansaslibrary.org or www.yourtown.org) and she will upload it to your site for you.

We intend to put this functionality back in at some point, but it is going to require us to write or procure a plugin that does not allow the kind of security breaches that were allowed by the previous plugin. We apologize for any inconvenience this may cause you.

Additionally, watch this post for any other frequently asked questions about this particular upgrade.

Category Posted in FYI

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>