WordPress 3.1.1 Update - Critical WordPress Security & Maintenance Release

WordPress version 3.1.1 has been released to the public as of April 5, 2011.

This important maintenance and security release fixes close to 30 issues found in version 3.1, including security bugs.

You should update your WordPress blog to version 3.1.1 immediately!

WordPress 3.1.1 Upgrade Summary:

  • Security hardening for media uploads (Cross-Site Request Forgery (CSRF) prevention).
  • Prevent potential PHP crashes caused by complex hyperlinks (stop maliciously devised links in comments).
  • Corrected XSS flaw on database upgrade screen (Cross Site Scripting).
  • Fixes for IIS6 support.
  • Taxonomy and PATHINFO (/index.php/) permalinks fixes.
  • Various query and taxonomy edge cases that caused some plugin compatibility issues.
  • Additional performance improvements.

    So far I have seen two posts at the WordPress.org Forums regarding WordPress 3.1.1. One stating that image cropping is not working and another regarding post titles and SEO issues with 3.1.1.

    WordPress & Security Resources

    Important!

    If you're self-hosting WordPress on your own domain, it is important that you upgrade to WordPress 3.1.1 as soon as possible.

    Leave your feedback

    Have you upgraded to WordPress 3.1.1? Did you upgrade WordPress automatically through the Dashboard or manually? Do you have any WordPress plugin issues with WP version 3.1.1? If you noticed any glitches in the upgrade or conflicts with any plugins be sure to let us know. Leave your comment below.

    Securely yours,

    Regina Smola
    WordPress Security Expert

    About Regina Smola

    Regina is a sought-after WordPress Security Expert, Speaker, Author and owner of WPSecurityLock.com and WPSecurityClub.com.

    She has helped thousands of WordPress users tighten security on their WordPress blogs and written numerous articles, books and action guides on securing self-hosted WordPress websites.

    Regina provides WordPress Security Services for clients with both new and existing WordPress websites. She also offers individual consultations and group training on WordPress security. More about Regina Smola.

    Comments

    1. Lilia Lee says:

      Thank you for this post. I found that the last upgrade broke the functionality of some plugins, particularly video players. Hopefully, the update will fix the problem.

      Your posts are very helpful and timely.

    2. Fox says:

      Found that upgrading to 3.1.1 broke a text widget. I've removed the widget and deleted it, but it still shows the title of the widget in the sidebar, but not the content in the text widget. Weird. Can't seem to fix it.

    3. Hemalatha says:

      Hello Regina,
      This is Hema again.

      Have GoDaddy sites been attacked by a new virus?

      Yesterday when I accessed my site I got an AVG Alert and Exploit blackhole was blocked.
      I continued using my site (note: I didn't login to my site) and again another attack,
      and AVG asked me to block it and move to vault.

      I did it. And after that I was unable to use my applications like mozilla FF, IE and CCleaner as it said .exe was deleted.

      I got suspicion on the ads I was running on my site.
      I'm running Juicy Ads, Ero-advertising, Exoclick and Adxpansion.
      I just guessed one of the Ero-advertising AD might be spreading the virus,
      So I deleted the Ero-advertising ad.

      Re-installed Windows OS.

      Today morning again I tried to access my site and got another AVG Alert,
      Some Exploit Blackhole blocked.

      I have got few Questions:
      -------------------------------------

      Q 1. Is one of the ads spreading the virus ?
      Q 2. Have GoDaddy sites been hacked?
      Q 3. How can I run an "Online Site Scan" ?

      Thanks for the help :(

      • Hemalatha says:

        ==========
        1st Alert:
        ------------------

        Infection: Exploit Blackhole Exploit Kit (type 2002)
        Object: reg.jemone . com/index. php?tp=fd76b8e3ad25f317
        Result: object was blocked

        Screenshot: http://i54.tinypic.com/2w7r7er.png

        ==========
        2nd Alert:
        ------------------

        I didn't note the details.
        It asked me to move to vault.
        I moved it to vault and after that computer didn't work properly.
        So I RE-INSTALLED windows.

        ==========
        3rd Alert:
        ------------------

        Infection: Exploit Blackhole Exploit Kit (type 2002)
        Object: home.bouncealisious . com/index. php?tp=fd76b8e3ad25f317
        Result: Object was blocked

      • Hi Hema,

        Thanks for your comment and questions.

        I have not heard anything about GoDaddy getting hacked again, so it may be just your website.

        You can run an online scan and get monitoring here: http://www.wpsecuritylock.com/sucuri

        Connect with me on Skype and I'll see if I can help you out: wpsecuritylock.

        ~ Regina

    4. Hemalatha says:

      Thank you Regina.

      Pl check the screenshot of the result. Site is clean.
      But there is a red alert for the index.php file. I checked it but didn't find any suspicious codes.

      Screenshot: http://i51.tinypic.com/17v5aw.png

      Do you think it must be some of the advertisements ?

      • Hi Hema,

        The red alert is showing because your internal path is showing to the public. You can hide it by making a change in your root's php.ini:

        display_errors = Off

        Hope that helps,

        Regina

        • Peter Paul says:

          Hi Regina.

          Now that I have set my display_errors to Off in my php.ini, does that mean that my root directory will be invisible to the public? or can they still view my internal path? If so, is there another way to protect it?

          Thanks for answering my question. ^_^

          • Hi Peter,

            Thanks for your question. It's a good idea to hide your internal server path in case of any PHP errors, for example:

            Undefined variable: options in /home/whatever/public_html/wp-content/plugins/add-to-any/add-to-any.php on line 488

            As you can see by the above error, the exact location of your server path is displayed. To hide errors like these, you need to set display_errors = Off in your php.ini file.

            By disabling it, these errors will not be displayed publicly from a browser. And you can still use the WP debug feature to find them.

            Good job on disabling yours :)

            ~ Regina
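
A check for the path disclosure discussed in the replies above, as an added example that is not part of the original post or comments: it scans an HTTP response body already fetched from your own site for PHP error messages that expose a server path. The function name, the regular expression and both sample bodies are constructed for illustration; the leaky sample reuses the error quoted above, with PHP's usual Notice prefix and bold markup added as an assumption.

```python
import html
import re

# PHP's default error line: "<Level>: <message> in <file> on line <N>".
# With html_errors on, level, file and line are wrapped in <b> tags, so tags
# are stripped before matching.
TAG = re.compile(r"<[^>]+>")
PHP_ERROR = re.compile(
    r"(?P<level>Notice|Warning|Deprecated|Fatal error|Parse error|Strict Standards)"
    r":\s+(?P<message>[^\n]*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)[^\n]+?)\s+on line\s+(?P<line>\d+)"
)

# Constructed sample responses (not captured from any real site).
LEAKY_BODY = (
    "<html><body><br />\n<b>Notice</b>:  Undefined variable: options in "
    "<b>/home/whatever/public_html/wp-content/plugins/add-to-any/add-to-any.php</b>"
    " on line <b>488</b><br />\n<h1>My blog</h1></body></html>"
)
CLEAN_BODY = "<html><body><h1>My blog</h1><p>Warning: long post ahead.</p></body></html>"


def find_path_disclosures(body):
    """Return one dict per PHP error message that exposes a filesystem path."""
    text = html.unescape(TAG.sub("", body))
    return [
        {
            "level": m.group("level"),
            "message": m.group("message"),
            "path": m.group("path"),
            "line": int(m.group("line")),
        }
        for m in PHP_ERROR.finditer(text)
    ]


if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_BODY), ("clean", CLEAN_BODY)):
        hits = find_path_disclosures(body)
        print(name, "->", hits if hits else "no PHP error paths in response")
```

If it reports hits, set display_errors = Off as described above; keeping log_errors = On sends the same messages to the server log instead of the browser.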

        • Alessio says:

          Just a note: if you are using an extremely restrictive shared hosting just put the following line at the beginning of the file reported by the scanner (usually index.php inside the theme folder):

          Hope that helps,

          Alessio
