News – WordPress 5.8.1 Security and Maintenance Release
On the 9th of September, WordPress sent out a security and maintenance release.
WordPress administrators were warned that security flaws had been found.
The security threats, if left unfixed, could lead a website susceptible to attack by hackers.
The three specific issues addressed in the security and maintenance release were the following:
- a data exposure vulnerability within the REST API.
- a XSS vulnerability in the block editor.
- security fixes for the Lodash library.
Full details can be found for this release, and all releases, on the official WordPress.org news section.
You should immediately update your WordPress installations and have them running the fixed 5.8.1 version.
At first, this type of notice can be very concerning and has one doubting their choice to use WordPress as their CMS of choice.
When you dig a little deeper. Or you have been using WordPress for some time. You find it is quite common for these incremental updates to be released.
It is especially true after a major update like the July 20th release of WordPress 5.8 Tatum.
WordPress is the most popular content management system. It powers over 34% of all websites on the internet. That popularity is bound to get a lot of attention from those trying to exploit its users.
Luckily, there is also a massive community of users, testers, and contributors to the open-source software.
This community allows any bugs or security issues to be found and fixed fast.
A WordPress security and maintenance release is not the same as a “major” release
WordPress has a major release a few times per year. Major releases are signified by two digits. Any release that has a third digit is a minor release.
Since major releases carry new functionality in the CMS, it is typical for hosts and users to wait a week or so before updating.
This delay allows some time for the WordPress community to digest the changes. Time to update plugins and themes to be fully compatible with the new version.
However, a security and maintenance release will specifically address a security issue or specific bugs in the latest major release.
For example, the 5.8.1 release, not only addressed 3 potential security flaws but also fixed 61 other bugs identified by WordPress community members.
All these details can be found on the official WordPress blog under the releases category.
For that reason, it is very important that website administrators keep a lookout for such releases on a regular basis and apply the updates as soon as they are available.
Check your hosting company for automatic WordPress updates
Certain managed WordPress hosts will automatically apply these updates as they are released, while other hosts leave it up to the website owner.
Check if your host automatically applies the updates by logging into your dashboard, clicking the Updates link, and seeing what version is listed.
Reference the official WordPress release page to check for the latest version.
Performing a WordPress update manually
If you do need to run the update make sure to run a backup of your WordPress website files and database first.
Store the files away from the server or directory that your site is installed in for safekeeping.
Downloading them to the desktop, or even better, to a cloud storage location like Google drive is best.
One option to make backups easier is a free plugin called UpDraft Plus.
The plugin is regularly updated and has over 3 million active installations.
Backups can be created from the WP administrator dashboard with the click of a button.
There is also the ability to download backups to your local machine or set up transfers to many popular cloud storage options.
Once you have your backup, go ahead and update to the latest version via the updates link on the WP Admin navigation menu.
Check your website after the update to make sure there were no impacts on layout or functionality.
Review multiple pages, fill out a contact form, and generally replicate how an end-user would interact with the website.
If you come across any issues in your quality check, then it is most likely a conflict with an existing plugin and the new version of WordPress.
Double-check the plugins information page to see what version it is compatible with.
As long as the description lists the most recent major release, there should be no issues. If it has not been updated then that could be the culprit.
If required, you can always roll back the version to WordPress to an earlier version.
Although keeping an older version plugin is not recommended, it may be needed until you can resolve the plugin conflict.
WordPress maintenance needs to be part of your routine
Make sure you, or a member of your team, have a regular routine in place in order to keep your websites as safe and error-free as possible.
Per a recent article by the hosting company Kinsta, titled Wild and Interesting WordPress Statistics and Facts (2021) , WordPress is by far the most infected of the content management systems out there.
This is largely due to the popularity of the platform.
The same article states that 52% of WordPress attacks are related to outdated plugins and 44% are caused by outdated WordPress sites.
So in addition to WordPress core releases, it is always important to stay on top of plugin and theme updates as well.
If you are looking for help with this kind of maintenance, feel free to reach out and ask us about our monthly WordPress maintenance packages.
Stay safe out there.