To boost security and help protect your website against attacks, one of the most important steps you can take is updating WordPress.
WordPress 4.2.2 is now available, and addresses the security issue I recently reported to churches using WordPress 4.2 and earlier to run their websites.
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
- The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
- WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.
Why updating WordPress is important
Maintaining a website is sort of like having a pet. It requires regular, consistent, ongoing loving care.
If you’re like many website owners, security isn’t at the top of your priority list. In fact, you may not even think about it at all.
But, you should.
Having a “set it and forget it” attitude towards your website, leaves both your site and those who use it unnecessarily exposed to potential threats.
To boost security and keep your website running in tip-top shape, updating WordPress is a requirement.
Among other things, WordPress updates plug any weaknesses and vulnerabilities that can be exploited by attackers.
For the same reason, you also should immediately apply any updates released for your theme and plugins.
Updating WordPress offers other benefits, too
Updating WordPress plays an essential roll in helping you properly maintain your church website and create a better, safer experience for you and your website visitors.
Boosting website security isn’t the only reason to keep WordPress updated.
WordPress updates also can provide improved performance, bug fixes, and access to feature enhancements.
You can learn more about the benefits of updating WordPress, and how to do it by following the links below.
For further reading
Why You Should Have The Latest Version Of WordPress
by Rachel McCollin on WPMU DEV
6 Steps To Follow When Updating WordPress
by Matt Lawrence on Synthesis
Importance of Updating Your WordPress Site
by Matt Martz on Rackspace