{{in the late evening}} June 27th, 2005 › Wordpress Version Check
Recently a lot of people have been hit by a wordpress security vulnerability that was fixed with an hour of it being reported about a month ago. Why have they fallen prey to this vulnerability - because they failed to update to the latest version for one of many possible reasons:
- Laziness.
- They failed to notice the post on the dev blog in their wordpress dashboard.
- They failed to notice the number of people blogging about having upgraded.
- etc
To help alleviate this problem in the future I have crafted a simple wordpress plugin which takes a simple approach to get the users attention. Once activated the plugin checks an XML-RPC webservice for update news displaying a message at the top of every page in the wordpress admin user-interface. The plugin will check for an update to the message every 15 mins with an additional check being kicked off if the installed wordpress version changes so as to give instant feedback on upgrades.
The following images show three of the different responses returned by the current web-service and how they are displayed:
Response for 1.5.1.1
Response for 1.5.1.2
Response for 1.6-alpha-do-not-use
The plugin may be downloaded here: pjw_wp_version_monitor.php.0.75.zip
An updated version is now available see: http://blog.ftwr.co.uk/wordpress/wp-version-check/
Please leave any feedback and suggestions in the comments below.
Cool! Thank you. I’m looking forward to playing with it.
Comment by Carla — 28/6/2005 @ 12:30 am §
[...] in: Version Check Ever wonder if you’re using the latest version of WordPress? Version Check checks an XML-RPC webservice for update news displaying a m [...]
Pingback by WordPress Plugin: Version Check by Blogging Pro — 28/6/2005 @ 2:12 am §
[...] ; WordPress Theme: Giraffe WordPress Plugin: Version Check   Version Checkå¯ä»¥è‡ªåŠ¨æ£€æŸ¥æœ€æ–°çš„WordPress版本并在åŽå°ç•Œé¢ [...]
Pingback by Blogging Pro China » Blog Archive » WordPress Plugin: Version Check — 28/6/2005 @ 3:07 am §
[...] k Sei interessato a sapere se stai usando l’ultima versione di WordPress? Version Check controlla un webservice XML-RPC di aggiornamento per mostra [...]
Pingback by WordPress Italy » Blog Archive » Plugin WordPress: Version Check — 28/6/2005 @ 1:12 pm §
Cool idea. May I suggest to make the system massage a bit smaller? Less intrusive.
Comment by orangeguru — 28/6/2005 @ 9:39 pm §
[...] version mas actual te avisa con un mensaje en la parte superior de tu dashboard. Pagina: WordPress Version Checker Version: 0.75
[...]
Pingback by WordPress » Blog Archive » Chacador de version — 29/6/2005 @ 1:15 am §
[...] Wordpress 1.5.1.3 is released for a small security update. I have updated the XML-RPC webservice for the Wordpress Version Check so all the users of that should have a nice warning message in their admin ui until they upgrade. Comment on this post [...]
Pingback by Peter Westwood » wordpress 1.5.1.3 released — 29/6/2005 @ 7:48 am §
[...] Go get this: Verion Checking plugin [...]
Pingback by What makes you happy ? » Check your version — 29/6/2005 @ 8:27 am §
Nice plugin! It’s a damned shame that it doesn’t work with the Tiger Style Admin CSS plugin though.
Any chance of giving some hints or tips on how to resolve this issue?
Comment by Dan Atkinson — 29/6/2005 @ 1:20 pm §
Dan - I haven’t Tested it with any of the alternative admin plugins that are available.
What doesn’t work? - I thought the css layout i used should be fairly safe against alternative admin css’s.
I will try and get it fixed in the next release
Comment by westi — 29/6/2005 @ 1:26 pm §
You can see the file here.
The ‘Wordpress version is up to date’ bit is curiously hidden from view.
Comment by Dan Atkinson — 29/6/2005 @ 5:03 pm §
That’s cool! it works well,thank you for your hard work - it’s very much appreciated.
Thanks!
ron
Comment by Ron Pemberton — 29/6/2005 @ 6:38 pm §
Hi Peter–great idea for a plugin, however it doesn’t work for me. Installation was a piece of cake but I keep getting “Failed to get update information”. Perhaps the server where it checks is down?
Comment by Rehan — 2/7/2005 @ 10:16 pm §
[...] Found another nice plugin for you lazy wankers who hardly check the dashboard for announcements or important security updates. This plugin would just print in your admin header page to show whether your wordpress is the latest version or has not been updated. Check out the screenshots here. What you have to do is just unzip the file and place the .php file in your plugins folder which would be in wp-content/plugins. Nice job Peter [...]
Pingback by a journey home » Blog Archive » Upgraded to Wordpress 1.5.1.3 — 3/7/2005 @ 8:34 am §
Is it really necessary to display that ‘WordPress version is up to date’ message? I would have thought that it was only necessary to inform the user if something was wrong.
Comment by David House — 3/7/2005 @ 9:04 am §
Wordpress 1.5.1.3 out and version checking plugin
A minor security fix to Wordpress is out. I’ve had no problems but it is always good to keep up to date.
Actually, the changes are so minor you might want to just alter/overwrite the files involved. Despite the numerous code hacks I’ve in…
Trackback by Across Weirdish Wild Space — 3/7/2005 @ 5:10 pm §
Dan - Thanks for the screenshot - fixing that has been added to the to-do list!
Rehan - I’m not sure why you are getting that error - the server has been up all the time as far as I know and the log files on the server show not hits from the IP of your server. This probably means that the check as to whether or not to update the information from the server is not working correctly on your host - the message you see is the default message if the code has never managed to contact the server.
David - The main reason for the “WordPress version is up to date” message was to ensure that it was visible that the plugin was working correctly - I have had it suggested that the message is displayed in light grey rather than green which does sound like a good idea. I think that I will probably make the constant display of good news an option in a future version, if not the next release.
Comment by westi — 4/7/2005 @ 7:46 am §
[...] Peter Westwood ha realizzato questo comodo plugin che, una volta installato, visualizza semplicemente lo stato di aggiornamento della nostra installazione di Wordpress. Viene eseguito un controllo addirittura ogni 15 minuti, in modo da essere in grado di avvisare il webmaster in tempi brevissimi. [...]
Pingback by Lo Skyblog » Wordpress Version Check — 5/7/2005 @ 5:27 pm §
david…nice little plug-in.
i too ran into not being able to see the message, but then quickly realized it was hidden behind other layers (i use the Tiger layout). if you add a z-index:1 to the css for the positioning it will bring it to the top. then it’s just a matter of positioning it to look good in Tiger.
thanks.
Comment by jwp — 6/7/2005 @ 1:31 pm §
jwp: There are 3 sets of z-index in tiger.css. Which one do I edit?
The first is set to 100, the second to 1 and the third to 99.
Comment by Dan Atkinson — 8/7/2005 @ 4:32 pm §
Dan: I believe jwp is suggesting adding a z-index:1 to the css that is contained within the plugin code.
e.g. Changing this:
To this:
in
pjw_wp_version_monitor.phpI am working on a better fix though and should have a updated version of the plugin available in the next few days.
Comment by westi — 8/7/2005 @ 4:41 pm §
[...] Wordpress Version Check v0.80 is now available. Upgrade is recommended especially if you are using the Tiger Admin UI as you will now be able to see the plugin’s messages much easier. The changes for the Tiger Admin UI have been tested with v1.3 of the Tiger Admin UI plugin. [...]
Pingback by Peter Westwood » Wordpress Version Check v0.80 — 9/7/2005 @ 1:26 am §
Word press is the good system
Comment by torbjon — 14/7/2005 @ 7:43 pm §
[...] Wordpress Version Check v0.90 is now available. [...]
Pingback by Peter Westwood » Wordpress Version Check v0.90 — 27/7/2005 @ 9:21 pm §
[...] Wordpress Version Check v0.91 is now available. [...]
Pingback by Peter Westwood » Wordpress Version Check v0.91 — 21/8/2005 @ 1:14 pm §
[...] Wordpress Version Check v1.00 is now available. [...]
Pingback by Peter Westwood » Wordpress Version Check v1.0 — 8/12/2005 @ 7:06 pm §
RSS feed for comments on this post. TrackBack URI
Leave a comment