Do you think updating WordPress every time is a headache? And why do they even release so many updates? Do I really need to update each time? Well, the answer is ‘Yes.’
Why should you update WordPress?
WordPress is an Open Source software. It’s core developers create newer versions for more features and bug fixes. Also, security and performance improvements are there in updates. Updating to latest version avoids the vulnerability present in previous versions. Updating your WordPress prevents hackers to insert malicious code through plugins. Such malicious codes can steal your confidential information or even create a bad SEO impact.
WordPress is the most popular CMS right now. Finding a vulnerability could affect a huge number of websites. That’s why WordPress is the favorite target for hackers. A new WordPress version comes with bug fixes and vulnerability reports.
White hat hackers find exploits and security holes in the core. These bugs get resolved in latest WordPress updates. Hackers use these reports to attack websites which are not updated yet basically websites which are vulnerable. Hackers can deface your web pages and posts. And this can seriously affect your business. Not updating your WordPress software is the most common reason behind the hacking and following certain simple tips can help you protect your WordPress website from hackers.
How can Hacker check your WordPress Version?
This is not something which requires a pro hacker to find out. Even you can check WordPress version of many websites just by viewing its page source. ‘View Page Source’ also shows version number of many popular plugins. If your website is not updated and WordPress and WooCommerce versions of your site are visible through View Page Source, it is indeed a treat for the hackers.
How to hide the WordPress version number?
WordPress by default adds a meta tag in header section which displays its version number. But as it is highly customizable you can quickly remove it. Use this simple line to hide your WordPress version from View Page Source.
Just add this line to functions.php file. It will also hide version number of plugins like WooCommerce.
Issues fixed in WordPress 4.7.5
The most recent version of WordPress to this date is 4.7.5 which is a major security release. It fixed –
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A Cross Site Request Forgery(CRSF) vulnerability in the file system credentials dialog
- A cross-site scripting(XSS) vulnerability while uploading very large files.
- A cross-site scripting(XSS) vulnerability in the customizer.
- And 3 maintenance fixes
WordPress 4.7.4 was a maintenance release and its previous two versions 4.7.3 and 4.7.2 were security-related releases which fixed some major security issues. It is strongly encouraged to update to them immediately.
WordPress 4.7.2 fixed a content-injection vulnerability. It is an unauthenticated privilege escalation vulnerability in a REST API endpoint. That means the hackers can modify the content of your web pages and posts if you are not updated to 4.7.2 or newer version yet. Also, this update fixed some cross-site scripting issues, a SQL injection vulnerability, and a bug with permissions. ‘Securi’ security researchers described these security flaws in detail.
WordPress 4.7.3 fixed cross-site scripting (XSS) attack via media file metadata, tricking redirect URL validation, unintended files deletion using the plugin deletion functionality, cross-site scripting (XSS) attack via video URL in YouTube embeds, cross-site scripting (XSS) attack via taxonomy term names, and cross-site request forgery (CSRF) which causes the excessive use of server resources.
Security is not the only one reason for updating WordPress every time. WordPress releases some amazing features with its updates. Some features improve user friendliness. WordPress always tries to make things faster and safer. A faster website creates a good SEO impact. Updating WordPress can improve your website performance. A faster and efficient website always create a happy user’s experience.
WordPress updates can be done manually or automatically. Dashboard –> Updates is the page where you can go and manually update the WordPress, Plugins, And Themes. All you have to do is click the ‘Update’ button and WordPress itself will do all the things for you. The Manual update gives you a choice to update anytime. Some nonsecurity updates can be done on low traffic time, which can help you to test the website thoroughly after an update. WordPress automatically updates minor maintenance and security releases by default. More detailed information about automatic updates is on WordPress Codex.
Major WordPress Upgrade – WordPress 4.8
This WordPress version will be seen with some amazing visual features, dashboard widget, etc.
All in all, WordPress 4.8 will come up with –
- Revamped Widget Area
- Image, Audio, and Video Widgets
- Visual Editor in Text Widget
- News and Events Dashboard Widget
The most important part of managing your WordPress website is to keep its installation up to date. Updating WordPress is certainly a great practice to ensure the reliability and efficient working of your website.
Before updating taking backup of your website and WordPress is highly recommended. Also testing WordPress and plugin updates on development sites is a good practice.