WordPress is an amazing open source platform that is favored by individuals and business users worldwide due to its ease of use, simplicity and flexibility. However, given that it is the most widely used content management system, it is also the most vulnerable platform out there. Recently WordPress has released an update that addresses security issues for all previous versions. Check out exactly what the update entails.
What’s new in WordPress 4.5.3?
The latest WordPress version includes fixes for more than two dozen critical vulnerabilities, including:
- Redirect bypass in the WordPress customizer API
- Two separate cross-scripting problems via attachment names
- Information disclosure bug in revision history
- Denial-of-service vulnerability in the oEmbed protocol
- Unauthorized category removal from a post
- Password change by stolen cookies
- Some less secure sanitize_file_name edge cases
All vulnerabilities were found by members of the WordPress community. In addition to the security issues listed above, WordPress 4.5.3 fixes 17 maintenance issues from its predecessors 4.5, 4.5.1 and 4.5.2 (See full list).
WordPress update process
Many sites have an automatic background update, meaning that website admins will receive an email, confirming the update. If your website doesn’t support this feature, you can trigger manual updates by logging in to your WordPress dashboard and click on the ‘Please update now’ link, which is clearly visible on the top of the page.
Before you perform the update, however, we highly advise you to make a backup of your website. This is so that you can quickly restore your site in the event that something goes wrong. Once you have your backup ready, you can go ahead and update your site with the push of a button. Alternatively you can download WordPress 4.5.3 here and install it via File Transfer Protocol (FTP).
It’s important to update to the newest versions of WordPress to ensure that you have access to all of its functionalities and to keep your data and website visitors safe from potential security threats. Google will also demote websites that are running old versions of WordPress in its search results pages - all the more reason why you should regularly check for WordPress updates. If you have any questions about WordPress security, feel free to get in touch with our experts today.