WordPress Patch Update From to Now Available

By Angsuman Chakraborty, Gaea News Network
Thursday, June 30, 2005

WordPress developers have posted yet another “security” update. Again, as always, you have to delete everything (except wp-content/ and config.php) and re-install from scratch. If you are, like me, tired of these frequent updates (after having finally updated to then this patch is for you. With this little patch (24K zipped) (assuming you are already on you will be updating just the 5 affected files.

This time too they are mysteriously silent about the security defect as before. I am tired of re-installing from scratch for every mysterious security defect.

It appears that they are still working on fixing remnants of the old issue where parameters to query string (like ?p= ) were not checked. Well, now you know it!

I suggest that WP developers should do a full code review to find any other bugs associated with non-checking of query strings and issue a single update, if necessary, instead of all these incremental updates.

I have taken the 5 files which were actually updated for WordPress and created a zip file from it. I verified using CSDiff that they are actually the files which were changed. Also they changed readme.html (change: “1.5” changed to “1.5.1”) which I haven’t included for brevity.

Use this only if you have already updated your WordPress blog to You have been warned!

Download it and unzip it to your WordPress root folder (where config.php resides). It will overwrite 5 files. If you are on Linux, use unzip; on Windows, use WinZip etc.

My Linux session went like this:

unzip wp-content/upload/WP1.5.1.3PatchFrom1.5.1.2.zip
Archive:  wp-content/upload/WP1.5.1.3PatchFrom1.5.1.2.zip
replace xmlrpc.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: xmlrpc.php
replace wp-includes/version.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-includes/version.php
replace wp-includes/functions-post.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-includes/functions-post.php
replace wp-admin/post.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-admin/post.php
replace wp-login.php? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: wp-login.php

Note: I could have used the -o flag to overwrite the files silently without prompting. I decided not to as it gives you a visual confirmation that the proper files at proper locations are being overwritten.
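The visual confirmation described in the note above can also be done before anything is written to disk. The following is an added example, not part of the original post or the patch: it audits an archive against the five file names shown in the unzip session and reports path-escaping or unexpected entries. The function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# The five files the unzip session above shows being replaced.
EXPECTED = {
    "xmlrpc.php",
    "wp-includes/version.php",
    "wp-includes/functions-post.php",
    "wp-admin/post.php",
    "wp-login.php",
}

def audit_patch(zip_bytes, expected=EXPECTED):
    """Return (ok, problems) for a patch archive without extracting it."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    for name in names:
        path = PurePosixPath(name)
        if path.is_absolute() or ".." in path.parts:
            problems.append(f"unsafe path: {name}")    # would land outside the root
        elif name not in expected:
            problems.append(f"unexpected file: {name}")
    for name in sorted(expected - set(names)):
        problems.append(f"missing file: {name}")
    return (not problems, problems)

def entry_digests(zip_bytes):
    """SHA-256 of every entry, for comparison with the official release files."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def build_zip(names):
    """Constructed sample archive with placeholder contents (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "<?php // placeholder\n")
    return buf.getvalue()

GOOD = build_zip(sorted(EXPECTED))
BAD = build_zip(sorted(EXPECTED - {"wp-login.php"})
                + ["../config.php", "wp-content/x.php"])

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, audit_patch(blob))
```

Comparing the digests from entry_digests with digests of the same files from the official release archive plays the same role as the CSDiff check mentioned earlier.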

I have tested it successfully on two blogs including this one.

Obligatory Warning: Please make a backup of the WordPress directory and everything else under the Sun, if you so desire.

Obligatory Disclaimer: Use at your own risk. No warranty expressed or implied is provided.

Update: Includes Ryan Duff’s latest patch to fix xmlrpc issues.

Update: If you are looking to upgrade from 1.5.1 to then use Shaky’s patch.

February 16, 2010: 8:48 pm

everything impossible with WordPress. We love you

December 10, 2009: 1:55 pm

thanks for nice post

June 11, 2006: 4:47 pm

You’ve got very useful site. It really helped me. Thanks.

Danny Vinnigan
April 7, 2006: 9:15 am

Your sites design is really tremendous. Nice work.

March 17, 2006: 4:40 am

“I have done that,” says my memory. “I cannot have done that,” says my pride, and remains inexorable. Eventually-memory yields.

Mark Zelinski
March 16, 2006: 4:29 pm

Great site guys. Great design.

March 12, 2006: 7:56 pm

Not often you can find such a nice site!

Maria Kondova
March 11, 2006: 8:31 am

You’ve got very useful site. It really helped me. Thanks.

March 9, 2006: 10:30 am

Great project. I found it very useful.

Karty Cole
February 27, 2006: 6:11 pm

I’ve been searching for such resource for a long time. It’s great.

February 24, 2006: 9:08 am

Thank God there’s still such nice projects as yours.

July 6, 2005: 7:57 am

WordPress Patch Update From to

For those that are tired of the “official” method of upgrading (backup, remove, re-install), Angsuman has posted a zip of only the files changed in the -> security release. I’m using it here and so far nothing has im…

July 6, 2005: 1:32 am

Great work, thanks. Makes the upgrade much easier! I didn’t really relish the idea of doing a complete upgrade, backing everything up etc. This way, only the relevant files needed to be thought about.

Let’s hope the WP crew realise the logic of it all; if not, keep it up! :D

July 5, 2005: 3:41 am

Brilliant! Worked like a charm. Thanks :)

July 4, 2005: 1:58 am

[...] Owen offers some advice on keeping WordPress v1.5.x up to date via SVN. Michael Heilemann prefers to store his ideas via an archaic analog system. Khaled releases Rin v1.1. Michael Hampton foresees the end of free speech. Jon switches to WordPress. Orson discusses the importance of understanding animals. Angsuman releases an automated WordPress v1.5.1.2 to v1.5.1.3 patch upgrade. Mark debunks yet another asinine statement about the U.S. military. Tom reports that business blogging “more than pays for itself.” And, Podz receives a confusing response from Google. [...]

July 2, 2005: 2:34 pm

Thank you for doing this. I had already made the change when I found your site, but I will certainly keep you bookmarked for the future! Luckily, since I’m still learning how to work with WordPress, I have not yet begun to investigate the world of plugins, so I had nothing to break and therefore, the upgrade went quickly and flawlessly.

It is most kind of you to make the effort and share it with the rest of us. :)

July 2, 2005: 4:23 am

[...] Edited at 12:20: After asking the question on the WordPress forum, I got the address of a script automating the move from WordPress to It is a pity that the WordPress team does not provide this kind of script itself, because I imagine that for people with little computer knowledge, updating WP is a real headache! [...]

June 30, 2005: 8:18 pm

Thanks for the catch.

I will try to make such releases in future too.
I just hope they get the cue and include this as part of release management.

June 30, 2005: 7:04 pm

This is great! Will you be planning to release similar update packages in the future?

P.S. You may want to edit the title of this post. Just read it once, you’ll see what I mean. ^_-

June 30, 2005: 5:05 pm

[...] Via Planeta WordPress I learned of a patch to move to WordPress without having to upload all the files, and you have more information on this website. [...]

June 30, 2005: 1:33 pm

[...] There appears to be some disquiet in the WordPress community following the latest security update, the fourth in just a few short weeks. As a newcomer to WordPress of just a couple of months, I am saddened to see harsh criticism coming from unexpected quarters. Both MacManX and Angsuman - two regular support heroes - being openly critical of the platform and the updates. And, as happened with previous patches, a lot of the userbase having problems with the upgrade. [...]

June 30, 2005: 9:07 am

[...] WordPress yesterday released its version, which fixes a security hole. Here you can find the announcement and, I suppose, the steps to update officially to the new version. If you use WordPress you will be interested to know that a patch has come out to update ONLY IF YOU HAVE WP1.5.1.2, which consists of downloading the package, unzipping it and overwriting the files with your FTP. As always, it is recommended to make a backup copy of your blog's files and a backup of your database. I have already updated two blogs this way. [...]
