The Akismet plugin version 2.6.0 for WordPress is now available.
It includes some incremental bugfixes since 2.5.9, plus some security and anti-spam improvements to how pingbacks work. Key changes since the last release:
- Optimize javascript and add localization support.
- Fix bug in link to spam comments from right now dashboard widget.
- Fix bug with deleting old comments to avoid timeouts dealing with large volumes of comments.
- Include X-Pingback-Forwarded-For header in outbound WordPress pingback verifications.
- Add a pre-check for pingbacks, to stop spam before an outbound verification request is made.
There was a news cycle a few days ago about “WordPress pingbacks being used to DDOS sites” which had a lot of misinformation and hyperbole, but there were two valid issues which the last two bullet points address: anti-spam checks were done after a pingback was verified, and WP didn’t pass on who made the request that caused it to verify a pingback (effectively cloaking the true source). This update to Akismet addresses both, and we think a similar approach may be appropriate for core in a future release.
To update, just visit the Updates tab of your WordPress dashboard.
Reblogged this on blog of greg and commented:
Updates, get yer updates. 🙂
Just curious as to what the hyperbole was in the posts discussing the issue. If there was a lot of misinformation, why isn’t the ‘correct’ information added to this post or in a seperate post?
I expect there will be some more details posted soon, but for the moment we’ll wait for the core WordPress team to address the issue.
After updating to 2.6.0, it has entirely broken the plug-ins page. It states:
[redacted]
I know this appears to speak to an issue with our event calendar, however no changes were made to this. Any ideas/advice?
Please don’t post support questions here. I removed the details you pasted because it revealed your local filesystem paths which may be a security risk.
You can open a support ticket on our support page.
We’ve received no other reports of similar problems, and I see no indication it is related to the Akismet plugin.