Over night WordPress 3.1.4 was released.

WordPress 3.1.4 is a maintenance and security update, which fixes an issue that could allow a malicious Editor-level user to gain further access to the website.

It also incorporates several other security fixes and hardening measures.

OM4 clients will be happy to know that as part of their hosting, administration and support service all of their websites have already been updated to WordPress 3.1.4. See the OM4 Change History page for more details.

WordPress 3.1.4 Security Release

Recently Matt Mullenweg wrote a blog post explaining why a strategy of keeping up to date with WordPress upgrades and patches is a good idea: How To Keep WordPress Secure

All our OM4 websites run on WordPress. Each time a WordPress upgrade or patch is released, we assess it and apply it.

When security patches are released, we apply them promptly.

With larger upgrades, it might take us a bit longer to make sure any required changes are integrated to enable new functionality. Some upgrades introduce a lot of new functionality that require changes to theme files. Sometimes plugins aren’t compatible with updates and we have to co-ordinate the update with plugin updates to keep everything working together.

We’ve been doing this ever since launching our first WordPress site, and plan to keep doing it. As Matt says, there are no guarantees, but it is a good strategy for keeping your WordPress website secure.

Keeping WordPress Secure

If you are getting stuck at this prompt, read this post

In short, if you use ssh to connect to a remote server, you can setup an RSA public/private key pair to allow you to connect to your server without a password. In Leopard 10.5 this doesn’t seem to always work as it used to, and I couldn’t find an article that gave a solution.

So, here is a way to get your passphrase loaded in to your keychain to avoid the annoying password window (that won’t let you enter your ‘password’).

1. Clear the contents of your ~/.ssh directory and set the directory permissions to 600
$ rm ~/.ssh/*
$ chmod 600 ~/.ssh

2. Generate your rsa key pair (there are variations for this, but this is the version I used):
$ ssh-keygen -t rsa

3. Set the permissions for all files in ~/.ssh to 600
$ chmod 600 ~/.ssh

4. Copy your id_rsa.pub key to your server’s .ssh/authorized_keys file

5. Add your passphrase to your keychain using this command:
$ ssh-add -K
(you will see Enter passphrase for [your system]/.ssh/id_rsa: )

6. You are all set to login using ssh without a password

This is a solution to the passphrase problem – here is more general information if you want to learn more about setting up ssh with an RSA key pair.

Mac Leopard: ssh, RSA key pairs, passphrases and the annoying password window