WordPress version 2.8.5 promises better security. Described by the development team as a 'hardening release', it contains a number of functions backported from the version 2.9 beta which should make the blogging system more resistant to attack. According to developer Peter Westwood, these include a fix for Trackback-related denial-of-service (DoS) attacks and the deletion of areas of code which allowed PHP code in variables to be executed via the eval() function.
Administrators will also no longer be able to upload arbitrary files to the media library. The whitelist of permissible file extensions had previously applied to normal users only. The aim here is to make it harder for attackers who have penetrated administrator accounts to upload and execute PHP code.

The link for this article located at H Security is no longer available.