WordPress 2.32 Released – Update Your Blog Now

If you haven’t already heard, the latest version of WordPress has been released. It includes a number of changes including one security fix (vulnerability for people to see your draft posts), and my favorite new addition — support for a custom database error page. The error page (db-error.php) will be displayed when WordPress has a problem connecting to your database, instead of cryptic and embarrassing php coded and WordPress branded error message.

Typically if you’ve wanted to have a custom error page you needed to edit the /wp-includes/wp-db.php and /wp-includes/functions.php files. This isn’t difficult to do but it’s editing the core WordPress files which typically get overwritten the next time you upgrade your instance of WordPress. I’ve actually done this for my blog so it’s been a pain when it comes time to upgrade but in my opinion it’s worth the trouble. Now with this new db-error.php addition, it will save me the hassle!

After upgrading to the latest version of 2.32, I discovered that the db-error.php page isn’t included. You need to create a db-error.php file and then create the appropriate html code and place it in the wp-content directory such that its location will be wp-content/db-error.php. I’m not sure why it’s not in your themes folder instead since it can easily get misplaced and each theme should have it’s own version (so you can style it accordingly). Quick Online Tips and 5ThirtyOne both provide simple db-error.php templates you can use for your blog. Like both posts mention, I’d also make sure to include your blog’s css so it’s branded and more professional-looking.

Here is a list of most of the changes in detail:

• Performance improvements for post sanitization when raw content is required
• Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts
• Suppression of database errors unless WP_DEBUG is true
• Check for valid database connection information during install and display and error if the install fails due to database rights
• Support for a custom database down page to be displayed on database connection errors
• Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types
• Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack
• Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post
• Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check
• Addition of extra capabilites checks to xmlrpc methods
• Addition of extra capabilites checks to APP server
• Changes to validate_file() to improve its traversal attempt detection when running on windows

So if you haven’t already, it’s a good idea to upgrade to this latest version of WordPress 2.32. Make sure to backup your database, wp-config.php and theme files before you do just to be safe. It’s also smart to make sure all your plugins are going to be compatible with this newer WordPress version. Since it’s only a small upgrade it most likely won’t be a problem. I wish WordPress would tell you which files actually need to be updated instead of expecting you to download and overwrite all files. They should do this for at least the small upgrades like this. Not only is it a waste of download and upload bandwidth, but it takes time and potentially brings your blog down during the maintenance.

Upgrade to WordPress 2.3.2 now

Ready to super charge your blog? Check out our partners professional premium WordPress themes!

If you like this post then please consider subscribing to our eBlog Templates RSS feed. You can also subscribe by email and have new templates and articles sent directly to your inbox.