Yesterday the WordPress 4.4.2 security update was released. This is a critical update and should be applied immediately. If I am maintaining your site, the update has already been applied. If you are doing your own maintenance, it is important to apply this update ASAP. If you’re not sure who’s maintaining your site, we need to talk!
What’s In The Update?
This update fixes two security flaws and 17 bugs. The bugs are a much smaller deal than the security patches.
Why Is It Important To Update?
The security blogs are abuzz about a new and very nasty suite, if you will, of malware that has recently been discovered. It’s being referred to as an “Attack Platform” encompassing many of the harmful scripts that have been used singly in the past. This new one is almost like a hacker’s Swiss Army Knife containing many malicious scripts that can be used to attack sites in numerous ways.
Keeping WordPress, its plugins and themes updated has always been important and it will continue to be more important as time goes on. The bad guys don’t take breaks and the good guys can’t afford to, either.
What Do I Do Now?
Log in to your WordPress admin panel and check whether there are updates that need to be applied. You should be running WordPress 4.4.1, at least. If your site has updated automatically (as is the default with recent versions of WordPress), you’ll be on version 4.4.2.
If you’re running version 4.3, the latest version is 4.3.3. If you see that your site is on 4.3.3, the security issues have been patched, but it’s still advisable to update to 4.4.2. Unless you have a compelling reason to stay on an earlier version, it’s best to be at the latest and greatest.
Before you apply updates make sure to do a complete backup of your site. If you don’t know how to do that, please contact me and we’ll get that taken care of for you.
Once you’re backed up, apply any plugin updates that are needed. I always do plugins first because they tend to be the least problematic. This is not always the case, though, which is why I stress making a full backup before doing updates.
If you have themes on your site that you’re not using, keep one of the standard WP themes and delete the rest. Themes laying around unused, like plugins, are a security problem waiting to happen. Make sure to update the theme that you keep. Your main theme may need updating, as well. This can be a bit dicey, so again, make sure you’re backed up before updating your primary theme.
Finally, if the plugin and theme updates have been successful, update WordPress.
As always, if you don’t feel confident handling these things yourself, I’m here to help. Stay safe out there!
Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net