TechAdvisory.org

Technology Advice for Small Businesses

The latest WordPress release fixes major issues

Security_2016_July_5_BAlthough WordPress is more secure than it used to be, outdated installations can be a potential threat to your website and the data that is hosted on the servers. In an attempt to shut down hackers before they can exploit vulnerabilities, the WordPress security team recently rolled out a new version that patches security loopholes and fixes several known bugs. Read on to find out more about the update.

What’s new in WordPress 4.5.3?

The latest WordPress version includes fixes for more than two dozen critical vulnerabilities, including:

  • Redirect bypass in the WordPress customizer API
  • Two separate cross-scripting problems via attachment names
  • Information disclosure bug in revision history
  • Denial-of-service vulnerability in the oEmbed protocol
  • Unauthorized category removal from a post
  • Password change by stolen cookies
  • Some less secure sanitize_file_name edge cases

All vulnerabilities were found by members of the WordPress community. In addition to the security issues listed above, WordPress 4.5.3 fixes 17 maintenance issues from its predecessors 4.5, 4.5.1 and 4.5.2 (See full list).

WordPress update process

Many sites have an automatic background update, meaning that website admins will receive an email, confirming the update. If your website doesn’t support this feature, you can trigger manual updates by logging in to your WordPress dashboard and click on the ‘Please update now’ link, which is clearly visible on the top of the page.

Before you perform the update, however, we highly advise you to make a backup of your website. This is so that you can quickly restore your site in the event that something goes wrong. Once you have your backup ready, you can go ahead and update your site with the push of a button. Alternatively you can download WordPress 4.5.3 here and install it via File Transfer Protocol (FTP).

It’s important to update to the newest versions of WordPress to ensure that you have access to all of its functionalities and to keep your data and website visitors safe from potential security threats. Google will also demote websites that are running old versions of WordPress in its search results pages – all the more reason why you should regularly check for WordPress updates. If you have any questions about WordPress security, feel free to get in touch with our experts today.