WordPress Security Updates are here again, and version 4.4.2 is one that should not be put off.
WordPress released the latest version of the platform (4.4.2) on the 2nd of February. For those who manage their own site, or rely on a 3rd party to keep their sites secure, this update is a fairly important one that shouldn’t be put off. It’s a security release that covers all previous versions and, more specifically, two significant security issues. They were discovered by an avid WordPress developer, Ronni Skansing, out of Denmark, and by an independent security researcher, Shailesh Suthar, who also discovered a security breach in Facebook’s platform back in December of 2015, which Facebook has since closed.
The first security challenge was a possible SSRF (server-side request forgery) vulnerability for certain local URIs. The second was an open redirection attack, which is a type of phishing attack designed to redirect visitors from a site to another, malicious site without their knowing. Both of these allow for data and traffic manipulation, which can make your site vulnerable to malware and security protocol and could, in the worst-case scenario, get your site blacklisted by search engines or open your visitors to vulnerabilities.
In addition to those security fixes in the new release, WordPress also covered an additional 17 bugs from 4.4 and 4.4.1. For more information about this latest WordPress release, visit https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/.
We’re here for you.
Back2Basic clients are monitored routinely and frequently to avoid unforeseen challenges where they can be avoided. We do not publish articles every time there are new WordPress Security Updates, or a new version is released with updated features because these updates happen too frequently.
Some updates are fun new feature releases. Some have minor security precautions or bugs that are addressed. And, then there are others that may be more severe in nature and should be addressed as soon as possible.
And, although we feel it would be overwhelming to let our audience know of every incident, we do believe alerting our fans and clients to periodic updates, or more major occurrences, is a gentle reminder to everyone to stay diligent about important WordPress Security Updates in general. Otherwise, we’ll leave the more routine WordPress news and communication updates to www.wordpress.org.
Even the most minor of changes can cause bigger challenges down the road as updates accumulate and go unaddressed over time.
WordPress is a great platform for building strong content-driven websites in less time, and typically at a fraction of the price of a hard-coded, custom-built site. But the open-source platform, and its thousands of contributors, are left to the trust and diligence of all of those other contributors and users. Therefore, to minimize your security risk, one of your best and first lines of defense will always be to keep your site updated (including WordPress, theme files, and plugins) and your database and server files clean and optimized frequently and routinely. Then backup. Backup. Backup.
By the way…
WordPress sites are not the only sites susceptible to “cracks in the armour”. You don’t really believe Target.com, The Home Depot, World Bank, or IRS.gov are built on WordPress, do you? No. Of course not. Check out some of the latest news and articles about website security from our friends at Sucuri.net.