WordPress is a content management system which allows you to effectively manage your site’s content with little or no knowledge about coding. With the help of plugins and themes, you can have your full site ready to go.
The Latest wordpress release is 4.2.2 , but it won’t be surprising to know that very few people as well as organisation may not be aware of these releases.
The purpose of this post is to tell YOU about the security issues that were addressed in the following WordPress versions; 4.2, 4.2.1 and 4.2.2.
WordPress Version 4.2
On April 23, 2015, WordPress released Version 4.2 which generally addresses cross-site scripting vulnerability, essentially enabling site visitors to compromise a site with random commentary and spam.
WordPress 4.2 known as Powell has the following features:
- An easier way to share content: Clip it, edit it, and publish it. Get familiar with the new and improved Press This. From the Tools menu, add Press This to your browser bookmark bar or your mobile device home screen. Once installed you can share your content with lightning speed. Sharing your favorite videos, images, and content has never been this fast or this easy.
- Extended character support: Writing in WordPress, whatever your language, just got better. WordPress 4.2 supports a host of new characters out-of-the-box, including native Chinese, Japanese, and Korean characters, musical and mathematical symbols, and hieroglyphs.
Don’t use any of those characters? You can still have fun — emojis are now available in WordPress!
- Even more embeds: Paste links from Tumblr.com and Kickstarter and watch them magically appear right in the editor. With every release, your publishing and editing experience get closer together.
- Switch themes in the Customizer: Browse and preview your installed themes from the Customizer. Make sure the theme looks great with your content, before it debuts on your site.
- Streamlined plugin updates: Goodbye to boring loading screen, hello smooth and simple plugin updates. Click Update Now and watch the magic happen.
This was released on April 27 2015.
WordPress 4.2.1 is a critical security release for all previous versions and we strongly encourage you to update your sites immediately as this update addresses cross-site scripting vulnerability that could allow commenters to compromise a site.
This was released on May 7, 2015. This release addresses two major security issues, which are
- The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on wordpress.org (including the Twenty Fifteen default theme) have been updated by the WordPress security team to address this issue by removing this nonessential file.
- WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue (as this same issue was addressed in wordpress 4.2.1).
To get detailed info about the different releases, check wordpress releases here.
In conclusion, Updating to another version of WordPress does come with its challenges as you may discover that some of your plugins are no longer compatible with the update.
- if possible, especially if you are still running wordpress version 3.9, first make your site available locally or request for a backup from your hosting company including your database before proceeding with the update.
- We also advise that you have a staging site either online or locally where you can always first check if your updates does not disrupt your site before pushing them online for global reach.
- Choose a good hosting company who can ensure that you get a notification anytime there is a new release as it has been discovered that leaving your site with the old versions sometimes create a security risk for your online users as well especially if you deal with people’s details, e.t.c.
- Get support from your hosting company if you run into trouble. If the issue you are having is plugin or theme-related, go to the plugin/theme support page as the case may apply.
- There are different forums all around, you can look for one and post your issue while you wait for the issue to be resolved. WordPress forum is good place I tell you.