Updates certainly aren’t the most exciting part of owning a website, especially when it comes to security. Torque has written many times about the importance of updates, not only for making sure your site runs the way it should but mostly to ensure everything is as secure as possible. Checking for and downloading updates should be part of your weekly WordPress routine.
Adding something new WordPress itself, a theme, or a plugin could introduce vulnerabilities. Most of the time, someone catches them before their exploited and an update is made. Not updating regularly leaves your site open to attacks, which is why people are working hard to find vulnerabilities and correct them as soon as possible.
WordPress.org announced 4.5.2 on Friday, a security update which addresses vulnerabilities found in versions 4.5.1 and earlier.
“WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files,” the announcement said. “WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players.”
The update was made available on Friday, and people took to Twitter to urge people to update.
Time to update your WordPress instances: https://t.co/rSVYqJMuVr
— John-Henry Scherck (@JHTScherck) May 6, 2016
Can’t stress this enough guys…please update your WordPress installations ASAP to this 4.5.2 release.
There was… https://t.co/wGXbThyxZj
— Paul Irvine (@paulirvine79) May 6, 2016
Though it may not feel like a big deal to go from 4.5 to 4.5.1, downloading these updates will is necessary to keep your site safe. As we saw with the Panama Papers leak, it doesn’t take much to find a way into a website.
WordPress makes it as easy as possible by allowing automatic updates. If the idea of your computer taking care of the work for you makes you nervous, make sure you are manually downloading from your dashboard. Ignoring the orange button in your sidebar could lead to a much bigger headache down the road. And, if you haven’t updated to 4.5.2, make sure you do so as soon as possible.