When you woke up this morning you should have found an email in your inbox telling you that your WordPress has automatically updated itself to 4.7.2.
The email reads something like this:
Howdy! Your site at http://your-wordpress-website.com has been updated automatically to WordPress 4.7.2.
No further action is needed on your part. For more on version 4.7.2, see the About WordPress screen: http://your-wordpress-website.com/wp-admin/about.php
If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help. https://wordpress.org/support/
This is one of those important security releases aimed at ALL previous versions of WordPress and we seriously encourage you to update all your WordPress sites today if you didn't get the email above.
For those of us who are interested and who care (yes all 5 of us lol! 😀 ), and from the makers themselves, they have told us that all WordPress versions (up to and including 4.7.1) were (and still are) affected by these 3 security issues:
- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
How do they find these kinds of things, you may ask (you may not as well, more than likely)? Well, this is all found out by volunteers who report these kinds of code and security issues to WordPress core. We all sincerely thank them for practicing responsible disclosure, i.e. not selling these ‘cracks’ to hackers for cash!
So what to do now?
More than likely this has happened automatically (if you got the email, nothing to do 🙂 it’s all been taken care of and your site is running smooth). Indeed, if you got the email then your site is set up well and is doing what it should do.
There is another possibility: that you have WordPress hosting with one of the big boys (GoDaddy or BlueHost), in which case we recommend you leave it up to them. They work on another planet's schedule with their servers and such.
If you DO want to get your hands in there then head over to your WordPress Dashboard → Updates and simply click “Update Now.”
Hopefully all of you are sensible and have selected hosting and a system that support automatic background updates, and have already updated to WordPress 4.7.2.
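If you look after several sites and did not get the email for all of them, you can read the installed version straight from disk. The script below is an added example, not code from WordPress or from the original post: it reads `$wp_version` from each `wp-includes/version.php` under a directory, flags anything below 4.7.2, and checks `wp-config.php` for the constants that switch off background core updates. The sample tree and site names in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 7, 2)  # the release named in this post
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*'([^']+)'", re.M)
# wp-config.php constants that can switch off background core updates
DISABLED_RE = re.compile(
    r"define\(\s*['\"](AUTOMATIC_UPDATER_DISABLED|WP_AUTO_UPDATE_CORE)['\"]\s*,\s*(\w+)")

def parse_version(text):
    """Return the numeric part of $wp_version as a 3-tuple, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def auto_updates_disabled(config_text):
    """True if an uncommented define() turns background core updates off."""
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # ignore commented-out lines
        m = DISABLED_RE.search(line)
        if m:
            name, value = m.group(1), m.group(2).lower()
            if (name, value) in {("AUTOMATIC_UPDATER_DISABLED", "true"),
                                 ("WP_AUTO_UPDATE_CORE", "false")}:
                return True
    return False

def audit(root):
    """Return (site, version, needs_update, auto_disabled) for each install."""
    results = []
    for vfile in sorted(Path(root).rglob("version.php")):
        if vfile.parent.name != "wp-includes":
            continue
        site = vfile.parent.parent
        version = parse_version(vfile.read_text(errors="replace"))
        config = site / "wp-config.php"  # assumes config sits in the site root
        disabled = config.is_file() and auto_updates_disabled(
            config.read_text(errors="replace"))
        results.append((site.name, version,
                        version is None or version < FIXED, disabled))
    return results

def demo():
    """Constructed sample: one patched site, one outdated with updates off."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver, cfg in [("blog", "4.7.2", "define('DB_NAME', 'wp');"),
                ("shop", "4.7.1", "define( 'AUTOMATIC_UPDATER_DISABLED', true );")]:
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
            Path(tmp, name, "wp-config.php").write_text("<?php\n" + cfg + "\n")
        return audit(tmp)
```

Call `audit()` on the directory that holds your sites; any row with `needs_update` set is a site to update by hand from Dashboard → Updates.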
Full details of this here: WordPress 4.7.2 Security Release