WordPress Updated to Version 4.3.1
What does it mean for you?WordPress regularly provides updates to users, and these updates come in the form of a new, slightly altered version of WordPress. While most updates have little to no obvious effect on the use of WordPress and its basic functionality, some updated do in fact require some explanation. For example, a previous update of WordPress completely redesigned the once-familiar dashboard, requiring a bit of re-learning on the part of developers and everyday users alike. This update, to version 4.3.1, is slightly different. It is, in large part, a security update, and is of great importance for all users of WordPress, whether they be seasoned veterans or first-time users.
What’s New in Version 4.3.1?Version 4.3.1 includes a slew of new bug fixes, as well as some major infrastructure changes that are, for the most part, related to the security of websites running WordPress.
Security UpdatesHere are the major areas affected by the update to WordPress version 4.3.1:
ShortcodesA fix has been included in version 4.3.1 that remedies an exploit found in the use of shortcodes. Shortcodes are shortcuts, in a sense, for placing more complex bits of PHP into a webpage’s content. They appear as "[shortcode_name]", for example, where “shortcode_name” is the name of the function being referenced. The shortcode will output content based on the pre-programmed parameters. They are commonly used with plugins. For example: the shortcode "[woo_product id=”123”]" (just a fake example), could display an image, product title, and price for a particular product in WooCommerce. Version 4.3.1 fixes an issue with cross-site scripting vulnerabilities, which is simply a flaw in which someone can inject your site with malicious code via another site, without your knowledge.
PostsWordPress’s update to version 4.3.1 also targeted a security vulnerability that allowed a user with limited privileges to possibly publish a private post. While this is a less-troubling issue than the shortcode vulnerability, it still presents a problem for sites who have multiple users, and users with varying levels of permission. Before the fix (and only in some cases), a top-level user could, ostensibly, create a private post which could then be opened and published by a user with lower privileges. This should not be possible, according to WordPress security standards. A top level user’s posts, set to private, should not be able to be published by a user with lower privileges. The security update has fixed this issue.
Other Bug FixesIn addition to the security updates, WordPress regularly releases minor bug fixes. These are usually small glitches that users or programmers have discovered, or patches/updates for the ever changing world of internet technology. This part of the update rarely applies to items related to security.
Lastly, remember to always backup your files and databases before updating WordPress! And, if you’re wondering if you should update to the latest version, the answer is always – yes! Failing to update WordPress regularly could result in security gaps, vulnerability, and loss of files and information. If you’re unsure about how, or what to update, don’t hesitate to contact Rockland Web Design.