Berlin: WordPress users are strongly encouraged to update their sites to 3.9.2 as it’s a security focused release. As per the declaration, 3.9.2 fixes a probable rejection of service issue in PHP’s XML processing. The bug was initially reported by Nir Goldshlager of the Salesforce.com Product Security Team and was resolved by Andrew Nacin and Michael Adams of the WordPress security team. The release was also coordinated with the Drupal security team.
As the susceptibility is present in WordPress 3.5 to 3.9.1, there are a number of sites that need to be revised by yourself so as to be secured. Automatic updates for security releases were brought in WordPress 3.7, leaving mainly users of 3.6 and 3.5 vulnerable. As per the stats on WordPress.org, 26.8% of all WordPress sites will not be auto revised. Among those sites, about 18.8% are still employing WordPress 3.5.
WordPress 3.9.2 as a Security Release has other security updates as well:
- Fixes a feasible but improbable code execution when processing widgets (WordPress not influenced by default), identified by Alex Concha of the WordPress security team.
- Avoids information disclosure by means of XML entry attacks in the exterior GetID3 library, reported by Ivan Novikov of ONSec
- Includes safety against brute attacks against CSRF tokens, accounted by David Tomaschik of the Google Security Team.
- Consists of some added security hardening, like putting off cross-site scripting that could be started only by administrators.
You can update to 3.9.2 right away by glancing through to dashboard>Updates in the backend of WordPress. Sites that have automated updates configures will be updated in 12 hours. Sites utilizing WordPress 3.8.3 or 3.7.3 will be revised to 3.8.4 or 3.7.4. Previous versions of WordPress are no longer supported, so kindly update to 3.9.2 for the greatest and latest.
Nearly all WordPress webmasters are capable of updating WordPress from their admin backend page online. If your site is configured with full access to WordPress user or web server, go to WordPress admin page and choose Dashboard -> Updates and click Update Now button.
For other blogs which are configured more steadily without full access to the web server and the root user possesses all the necessary files, they can SSH into the server and download the newest version of WordPress.
It’s good to see the security team from WordPress working to keep users safe. WordPress firmly recommends that you update your sites instantly.
No matter what is your CMS requirement, let us know. Contact our skilled WordPress professionals to discuss how we can help you!