WordPress 2.5 Upgrade: WordPress 2.5.1 is available! Please update now Message Appears after Upgrade Troubleshooting

When a client of mine upgraded to WordPress 2.5.1 from WordPress 2.5 she encountered an issue where the database will not upgrading, resulting in the “WordPress 2.5.1 is available! Please update now.” flashing in her dashboard and every other admin pages. On initial search of the WordPress support forum, we found the following strings that pointed us in a certain direction:

  • wordpress 2.5http://wordpress.org/support/topic/172004
  • http://wordpress.org/support/topic/168964

Neither strings suggest solutions that are easy or safe, however, I urge you check these posts and then search your install via file manager/FTP/WebFTP to ensure you do not have files with the following extensions anywhere within a writable directory such as uploads: _new.php, _old.php, .php.pngg, .php.jpgg, or .php.giff.

One this was clear from these support forum strings though was that my clients site was hacked from the time she switched to WordPress 2.5 to the time she tried upgrading to WordPress 2.5.1, all within 48 hours.

On further troubleshooting, this time on the backend, we realized the kink was within the “wp_options” table in the database. So we had to identify the kink first, then fix it. The methodology is to seek and destroy the hacker included code and then force a database update.

I must warn you, if you are not comfortable playing with your core WordPress files and your database tables, I suggest you hire a professional or WordPress consultant (shameless plug).

  • First off, ensure your WordPress 2.5.1 files have completely replaced your older version.
    One (not so guaranteed) way is to open your /wp-includes/version.php file and check the version number, this can also be accomplished using file manager/FTP/WebFTP
  • Make a note of the database number in the /wp-includes/version.php file which will be under $wp_db_version, it should be 7796 in the case of WordPress 2.5.1
  • Now, you will need access to your database for the following steps, your host should allow you to view and edit your databases via phpAdmin,
  • Log in
  • Select the database in question (your WordPress install will have it’s own database in many case)
  • Make a copy of your entire database using the export feature and method described here
  • Then make a backup of only your wp_options table
  • Open the wp_options table sql file in a text editor such as Notepad++
  • Use the find/search function (Ctrl+f) and look for /..
  • Look for codes that are similar to the one below:
  1. i:11;s:117:”../../../../../../../../../../../../../../../../../../../../../../ tmp/tmpbYCT9H/sess_fc9148b41a8cbe4c05b21053bdd8e6c2″;
  • Delete the hacker included code
  • Use the find/search function again and look for db_version
  • Check your database number in the wp_options table against the database number $wp_db_version in /wp-includes/version.php file
  • If they are the same, then change the database number in the wp_options SQL file to one number behind the version in your /wp-includes/version.php file, say to 7795
  • Save it
  • Upload the wp_options SQL back to your MySQL server using the import feature, this should only rewrite that one table
  • Now open a new browser and type in http://yoursite.com/wp-admin/upgrade.php
  • The browser will then walk you through the database update which should take you about a minute or less
  • Then login in to your WordPress admn panel and check, the “WordPress 2.5.1 is available! Please update now.” should no longer be there
  • Immideatly change the password, make it as strong as possible
  • Go back to your files once again and check the CHMOD of your uploads file
  • If it is set to 777 or 775, change to 755 or less

You are done, your WordPress 2.5 will be successful upgrade to WordPress 2.5.1.

Leave a Comments | Trackback | RSS 2.0

  1. 1. wpSnap - Best WordPress Themes, Blogging Tips, Design Resources » WordPress 2.5 Vulnerability Requires WordPress 2.5.1 Upgrade | April 28, 2008 #

    [...] Sunny has a post detailing some WordPress 2.5 troubleshooting tips! [...]

  1. 2. V_RocKs | July 31, 2008 #

    We all have been getting hacked for months and still wordpress has done nothing about it.

  1. 3. hso | July 31, 2008 #

    @ V_Rocks

    Upgrade to 2.6, that might help.

  1. 4. Laptop Bags Australia | August 19, 2008 #

    I got hacked so I password protected my admin directory from the web host cPanel. There hasn’t been a problem since. The hack was putting ads for ringtones in some of the php template files. Very annoying. Google banned my site for a few months.

  1. 5. Site Hacked: Site Name Changed to “Cheap Viagra” » WP Pro | April 4, 2010 #

    [...] If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!I have been pretty behind on keeping up with all things WP and might have missed the boat on the latest WP pitfalls, but found it the hard way that my site(s) were hacked on my new server for the first time since WordPress 2.5. [...]

Have Your Say »

(Required- use your name, not keywords)

(Required- will not be published)


Use SimpleCode while pasting codes.