WordPress released a core security update today; we recommend all WordPress site owners update as soon as possible.
No real details of the specific problem this fixes have been released, which is normal as WordPress are trying to avoid tipping off the bad guys prematurely.
For more details on the release see here:
Details of the specific weakness should come out in the next few weeks; in the meantime this is a timely reminder that it’s important to keep your site updated to avoid potential hacking attacks.
How to keep your WordPress site Automatically Updated:
If you don’t have time to keep your site manually updated, there is always the option of installing the WordPress plugin Automatic Updater. Automatic Updater is a plugin that will automatically update your site when new versions of WordPress software become available. This prevents your site aging, and thus makes it much less likely it will get hacked, and best of all, it involves no time or cost from yourself.
To install Automatic Updater:
- Login to your dashboard, hover your mouse over “Plugins” in the left menu and click on “Add New” in the pop-up.
- In the search window, type “Automatic Updater” and then when Automatic Updater is listed (usually at or near top) click on “Install Now”.
- When the installation has finished, click on “Activate Plugin” at the bottom of the short progress page you are looking at;
- You will be taken to the “Plugins” page – click on “Settings” next to Automatic Updater. Choose the two top options to update WordPress core and plugins automatically. Normally it’s safest to turn the third option off, unless your developer has told you otherwise.
- Done – now you will get automatically updated!
We strongly recommend the combination of a backup plugin with this to ensure your site is backed up before it is updated. While the plugin does run some checks, it isn’t foolproof and a backup will help you recover if something goes wrong.
NOTE: We don’t recommend you use Automatic Updater on high volume sites for obvious reasons; such sites need to be carefully babysat!
There is a small risk with using Automatic Updater: it may break your site. However, our live experience at this point is that we’ve run Automatic Updater on a number of sites, and have for many months now with no problems. Also note that Automatic Updater has 5 stars and 22,000+ downloads – a good sign it is trustworthy!
It’s our beleif that WordPress may well head towards some form of carefully controlled built in Automatic Update in the next year or so; it’s being actively worked on by the author of this plugin amongst others. The idea is to make it safe by testing the website before and after, and making it easy to remove updates that may have caused problems. It’s worth making the point here that most WordPress problems come from plugins, and nearly all of those from lower-use plugins – that is, those that have less stars and a lower user count, and don’t get updated often.
Those of you who use the Google Chrome web browser may not be aware that Chrome has always followed this model of automatic update, since it was first released. The idea is to protect you from getting hacked, and at the end of the day we think that’s a worthy goal.