WordPress is one of the most popular and reliable content management systems on the market, and for this reason it is also one of the most frequently targeted platform for hackers. Websites that are running older versions of WordPress are often vulnerable to security breaches and data leaks. Seeking to correct a number of bugs, WordPress recently updated to version 4.5.3, a release that doesn’t provide much additional functionality but is highly recommended by the WordPress security team. Here’s what you need to know about their latest security update.
What’s new in WordPress 4.5.3?
The latest WordPress version includes fixes for more than two dozen critical vulnerabilities, including:
- Redirect bypass in the WordPress customizer API
- Two separate cross-scripting problems via attachment names
- Information disclosure bug in revision history
- Denial-of-service vulnerability in the oEmbed protocol
- Unauthorized category removal from a post
- Password change by stolen cookies
- Some less secure sanitize_file_name edge cases
All vulnerabilities were found by members of the WordPress community. In addition to the security issues listed above, WordPress 4.5.3 fixes 17 maintenance issues from its predecessors 4.5, 4.5.1 and 4.5.2 (See full list).
WordPress update process
Many sites have an automatic background update, meaning that website admins will receive an email, confirming the update. If your website doesn’t support this feature, you can trigger manual updates by logging in to your WordPress dashboard and click on the ‘Please update now’ link, which is clearly visible on the top of the page.
Before you perform the update, however, we highly advise you to make a backup of your website. This is so that you can quickly restore your site in the event that something goes wrong. Once you have your backup ready, you can go ahead and update your site with the push of a button. Alternatively you can download WordPress 4.5.3 here and install it via File Transfer Protocol (FTP).
It’s important to update to the newest versions of WordPress to ensure that you have access to all of its functionalities and to keep your data and website visitors safe from potential security threats. Google will also demote websites that are running old versions of WordPress in its search results pages - all the more reason why you should regularly check for WordPress updates. If you have any questions about WordPress security, feel free to get in touch with our experts today.