Most of you who frequently update your self-hosted WordPress site should be well aware that the new version, 2.8.5, is now available. As with all incremental security releases, it is recommended that you upgrade as soon as possible.
What I consider an incremental upgrade is a move from something like 2.8.4 to 2.8.5. This kind of small version change usually has no major enhancements and should be a pretty painless upgrade. When there are major changes, like the upcoming release of version 2.9, I would recommend waiting a week or so for some of the bugs to be found and fixed. I would suggest either researching any new major release or waiting for the first incremental version of it to be released. And remember, with all upgrades, always back up first!
From the official WordPress.org site regarding version 2.8.5:
The headline changes in this release 2.8.5 are:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where PHP code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection.
If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner. This is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. You can read more about this plugin here – “WordPress Exploit Scanner”
When upgrading this site I encountered the “WordPress Upgrade Error Allowed Memory Size Exhausted” error, so I had to use the workaround of increasing the memory limit by adding a bit of code to my wp-config.php file, as discussed in this previous post: WordPress Upgrade Error Allowed Memory Size Exhausted.