Once every few months, WordPress releases an update, and users are informed of it through emails and dashboard alerts. We have observed that many users keep WordPress updates low on their priority list. Most of them believe that since their site is running fine, there is no need to install updates urgently. This is not a recommended way to manage updates. WordPress, being an open-source platform, has a huge community of developers working hard to ensure that you get the optimum performance out of the resources deployed. With every update, they improve performance, fix bugs, enhance security or add new features to WordPress. To benefit from these additions, it is essential to update WordPress as soon as a new release is out.
In April, the developers released a security and maintenance update – WordPress 4.9.5. This was applicable to all versions since WordPress 3.7. This update addressed three important security vulnerabilities and offered fixes for around 28 bugs. The developers had found the following minor security issues with the earlier versions of WordPress:
- The earlier versions treated localhost as the same host by default, allowing attackers to impersonate the machine on which the WordPress site was hosted. This further allowed them to access sensitive data. With this update, localhost is no longer treated as the same host by default.
- When the login page was redirected with SSL forced, a safe redirect was not used. This update corrected that and changed the way the WP login page of the administration session behaves.
- The version string was not being escaped properly before its subsequent use in generator tags. This could allow attackers to gain access to the site by inserting malicious code into the version string. This was addressed in the update too.
Apart from these three vulnerabilities, 25 other bugs were fixed in this update. Some of these were:
- The inclusion of support for cropping on touch-screen devices.
- Clearer error messages.
- Better compatibility with PHP 7.2.
- Restoration of previous styles on caption short-codes.
- The optimum position of the attachment placeholder during uploads.
How to install the update?
Like all other WordPress releases, you can install the update by:
- Downloading it from WordPress.org.
- Logging in to your Dashboard, clicking on Updates and then ‘Update Now’.
If you have selected a good WP Hosting provider who offers automatic WordPress updates, then you don’t need to do anything at all. The update would have already been installed by now. A WP hosting provider should be selected carefully so that you can optimize the features offered by the WordPress development team. Managed WP Hosting allows you to focus on your business activities without having to spend a lot of time, energy, or resources on the technical aspects of managing a site. The control panel offered by most hosting providers makes monitoring your website and resources truly simple.
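To confirm whether an install still needs the 4.9.5 update described above, the version WordPress records in wp-includes/version.php can be read and compared. The following is an added example, not code from WordPress or from this article; the function names and the sample file content are constructed for illustration, and it assumes that any version from 3.7 up to (but not including) 4.9.5 still needs the update.

```python
import re

FIXED = (4, 9, 5)    # the security release described on this page
OLDEST = (3, 7, 0)   # the page says the update applies to versions since 3.7

# Matches the assignment WordPress keeps in wp-includes/version.php
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(php_source):
    """Return ((major, minor, patch), is_prerelease), or None if not found."""
    m = _VERSION_RE.search(php_source)
    if not m:
        return None
    core = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$", m.group(1).strip())
    if not core:
        return None
    # A two-part version such as "4.9" is treated as 4.9.0
    nums = tuple(int(g or 0) for g in core.group(1, 2, 3))
    # Anything after the digits (-RC1, -beta2, ...) marks a pre-release build
    return nums, bool(core.group(4))


def update_status(php_source):
    """Classify an install relative to the 4.9.5 release (assumption: only
    4.9.5 itself is used as the reference version)."""
    parsed = parse_wp_version(php_source)
    if parsed is None:
        return "unknown"
    nums, prerelease = parsed
    if nums < OLDEST:
        return "older-than-3.7"
    # A 4.9.5 pre-release sorts before the final 4.9.5 release
    if nums < FIXED or (nums == FIXED and prerelease):
        return "needs-update"
    return "has-4.9.5-or-later"


# Constructed sample of wp-includes/version.php, not taken from a real site
SAMPLE = """<?php
/**
 * The WordPress version string
 */
$wp_version = '4.9.4';
"""

if __name__ == "__main__":
    print(update_status(SAMPLE))
```

To check a real site, pass the contents of its wp-includes/version.php to `update_status`.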