The Small Business Website Guy


April 8, 2014 by John

WordPress Security Update Released Today

Much to the surprise of many, a WordPress security update was released today. With WP 3.9 coming out within weeks, few of us were expecting a patch release for 3.8; however, the discovery of a nasty vulnerability called Heartbleed made it necessary to release this patch sooner rather than later.

Automatic Updates

Many of you, myself included, received notifications that WordPress had automatically updated itself to 3.8.2. This was a bit of a shock to me since the sites I monitor have a plugin called Update Control installed and the setting to disallow automatic updates is set. It’s obvious that the plugin doesn’t do what it’s supposed to do!

I still need to investigate why the plugin apparently failed to do its job. There are at least two possibilities that come to mind: the plugin simply doesn’t work (although it’s worked in the past) or the WordPress development team overrode the do-not-update directive due to the severity of the security flaw. Neither makes me very happy, but at this point, both are speculation on my part.

WordPress Update Policies

The default setting in WordPress allows so-called minor updates to happen automatically. This means that when a patch is released, in this case 3.8.1 to 3.8.2, WP will update itself unless told not to, at least in theory. Major updates, i.e. 3.8 to 3.9, can be allowed, but are not by default. This is a good thing, in my opinion, because there is a much greater risk with a major update.

Without detailing them, suffice it to say that if one wants to turn off the automatic updates, WP provides ample ways to do so. This is typically an entry in the wp-config.php file, which means editing the file and inserting some code that tells WP not to update automatically.

Needless to say, this is not user friendly, so several plugins have appeared that are supposed to make this easy for the average user. The one I’ve been installing and using, Update Control, is one such plugin and is very highly rated on the WordPress plugin repository. I’m sure you can imagine my disappointment that it’s apparently not living up to the nearly 5-star rating.

Check Your Sites

If you’ve received a notice that your site was updated, please check it and make sure that the WP version is 3.8.2 and that everything on the site is working properly. As I said, there should be minimal risk with this patch update. I’m much more concerned with the failure of the plugin to prevent the automatic updates.

If you are maintaining your own site, please update to WP 3.8.2 immediately. The Heartbleed flaw is serious and potentially very damaging. We want to close this off as soon and as completely as possible.
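The wp-config.php entries mentioned under WordPress Update Policies, and the version check asked for above, can both be audited from the files on disk. The following is an added example, not code from this post or from WordPress: it assumes the core constants WP_AUTO_UPDATE_CORE, AUTOMATIC_UPDATER_DISABLED and DISALLOW_FILE_MODS and the $wp_version line in wp-includes/version.php; the function names and the sample file contents are constructed for illustration.

```python
import re

# define( 'NAME', true|false|'string' ); at the start of a line, so a define
# commented out with //, # or /* on the same line is not counted.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*(true|false|['"][^'"]*['"])\s*\)\s*;""",
    re.IGNORECASE | re.MULTILINE)
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.MULTILINE)

def read_constants(config_php):
    """Return {name: value} for boolean/string define() calls in wp-config.php."""
    consts = {}
    for name, raw in DEFINE_RE.findall(config_php):
        if raw.lower() in ("true", "false"):
            value = raw.lower() == "true"
        else:
            value = raw[1:-1]                # strip the surrounding quotes
        consts.setdefault(name, value)       # PHP keeps the first definition
    return consts

def core_update_policy(config_php):
    """Automatic core updates requested by wp-config.php, as (minor, major)."""
    c = read_constants(config_php)
    if c.get("AUTOMATIC_UPDATER_DISABLED") is True or c.get("DISALLOW_FILE_MODS") is True:
        return (False, False)                # updater switched off entirely
    setting = c.get("WP_AUTO_UPDATE_CORE")
    if setting is True:
        return (True, True)                  # minor and major releases
    if setting is False:
        return (False, False)                # no automatic core updates
    return (True, False)                     # 'minor' or unset: the default

def installed_version(version_php):
    """Read $wp_version from the text of wp-includes/version.php."""
    m = VERSION_RE.search(version_php)
    return m.group(1) if m else None

# Constructed sample files (not taken from any real site).
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'example_db');
// define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', false );
"""
SAMPLE_VERSION = "<?php\n$wp_version = '3.8.2';\n"

if __name__ == "__main__":
    minor, major = core_update_policy(SAMPLE_CONFIG)
    print("version:", installed_version(SAMPLE_VERSION))
    print("auto minor updates:", minor, "| auto major updates:", major)
```

This reads wp-config.php only; a plugin can still change the outcome at runtime through WordPress filters, so the result shows what the config file asks for rather than what a plugin did.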

John Sawyer


Filed Under: Anti-Malware, General, Safe Computing, Security, Updates, WordPress


Comments

  1. Roland says

    April 9, 2014 at 8:47 am

    Thanks for the information. I’m glad that you’re part of my team!
    Roland

    • John says

      April 11, 2014 at 12:25 pm

      My pleasure, Roland!

  2. Chris Haines says

    April 15, 2014 at 8:20 am

    Hi
    Very interested to hear you as we also have Update Control. However not working for 3.8.2 and today neither for 3.8.3. Are GitHub (or whoever) working on this? Or do you know a better simple Plugin (w/o code changes please)/Chris

    • John says

      April 15, 2014 at 10:53 pm

      Hi, Chris, an update has just been released for Update Control. I’m hoping that will fix the plugin so that it does what it’s intended to do. I guess we’ll find out with the next patch release! I’m seriously considering putting the appropriate codes into wp-config.php and eliminating Update Control, but I understand that approach is not suitable for all WP users.


Copyright © 2007-2021 by Chon Resources – All Rights Reserved Worldwide
