Akismet WordPress plugin 2.6.0

Post author image
Akismet Engineering
Filed under:General

The Akismet plugin version 2.6.0 for WordPress is now available.

It includes some incremental bugfixes since 2.5.9, plus some security and anti-spam improvements to how pingbacks work. Key changes since the last release:

  • Optimize javascript and add localization support.
  • Fix bug in link to spam comments from right now dashboard widget.
  • Fix bug with deleting old comments to avoid timeouts dealing with large volumes of comments.
  • Include X-Pingback-Forwarded-For header in outbound WordPress pingback verifications.
  • Add a pre-check for pingbacks, to stop spam before an outbound verification request is made.

There was a news cycle a few days ago about “WordPress pingbacks being used to DDOS sites” which had a lot of misinformation and hyperbole, but there were two valid issues which the last two bullet points address: anti-spam checks were done after a pingback was verified, and WP didn’t pass on who made the request that caused it to verify a pingback (effectively cloaking the true source). This update to Akismet addresses both, and we think a similar approach may be appropriate for core in a future release.

To update, just visit the Updates tab of your WordPress dashboard.

8 Comments

  2. Just curious as to what the hyperbole was in the posts discussing the issue. If there was a lot of misinformation, why isn’t the ‘correct’ information added to this post or in a seperate post?

    Reply

    1. I expect there will be some more details posted soon, but for the moment we’ll wait for the core WordPress team to address the issue.

      Reply
  3. Pingback: Pingback Problem: 162K WordPress Sites Tricked into DDoS | K²R
  4. Pingback: WPTavern: Akismet Update Adds Security and Anti-Spam Improvements | A2Z Web Design Tutorial
  5. Pingback: ピンバック悪用の踏み台攻撃防止に対応した Akismet 2.6 がリリース – ja.naoko.cc

  6. After updating to 2.6.0, it has entirely broken the plug-ins page. It states:

    [redacted]

    I know this appears to speak to an issue with our event calendar, however no changes were made to this. Any ideas/advice?

    Reply

    1. Please don’t post support questions here. I removed the details you pasted because it revealed your local filesystem paths which may be a security risk.

      You can open a support ticket on our support page.

      We’ve received no other reports of similar problems, and I see no indication it is related to the Akismet plugin.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.