Recently a lot of people have been hit by a wordpress security vulnerability that was fixed with an hour of it being reported about a month ago. Why have they fallen prey to this vulnerability – because they failed to update to the latest version for one of many possible reasons:
- They failed to notice the post on the dev blog in their wordpress dashboard.
- They failed to notice the number of people blogging about having upgraded.
To help alleviate this problem in the future I have crafted a simple wordpress plugin which takes a simple approach to get the users attention. Once activated the plugin checks an XML-RPC webservice for update news displaying a message at the top of every page in the wordpress admin user-interface. The plugin will check for an update to the message every 15 mins with an additional check being kicked off if the installed wordpress version changes so as to give instant feedback on upgrades.
The following images show three of the different responses returned by the current web-service and how they are displayed:
Response for 18.104.22.168
Response for 22.214.171.124
Response for 1.6-alpha-do-not-use
The plugin may be downloaded here: pjw_wp_version_monitor.php.0.75.zip
Please leave any feedback and suggestions in the comments below.