WordPress, is the most popular open source platform used by individuals and businesses worldwide. It’s simple, flexible user interface makes it the number one choice for the less tech savvy.
Despite being the most used content management system it is also the most vulnerable; its most recent update tackles these security issues. Here I will tell exactly what you can expect from the update.
4.5.3 contains updates and fixes for more than two dozen critical security risks, including:
- Redirect bypass in the WordPress customizer API
- Two separate cross-scripting problems via attachment names
- Information disclosure bug in revision history
- Denial-of-service vulnerability in the oEmbed protocol
- Unauthorised category removal from a post
- Password change by stolen cookies
- Some less secure sanitize_file_name edge cases
Not only these but the update provides fixes for 17 maintenance issues, see the full list of fixes here (https://core.trac.wordpress.org/query?milestone=4.5.3)
How to update…
Some sited have an automatic update, you should receive an email to confirm this. Otherwise ensure you do a manual update by clicking ‘Please update now’ on your dashboard.
BEFORE YOU DO ANYTHING
Backup your website! This means you can quickly restore your site in the event that something goes wrong.
It is highly important that you update to the newest WordPress version to make sure your data and website visitors are safe from any threats. Google will also recognise those sites using old versions of WordPress and potentially rank your lower on their searches.
If you have any further questions regarding the security of your WordPress site please do not hesitate to get in touch on 01524 581 690