WordPress Core version 4.8.2 is out now. In brief, this is a security and maintenance release: the updates are minor, and if you have enabled the auto-update feature, your WordPress websites will be upgraded automatically.
As declared on the official WordPress website, there have been six updates so far this year. These releases mainly feature security fixes, including the silent patch of January; this is the first since v4.7.5.
The maintenance aspect of the latest release includes six software updates. However, the general focus this time has been on the following:
- 5 cross-site scripting (XSS) concerns
- 2 directory traversals
- 1 open redirect
This security and maintenance release includes a fix to $wpdb->prepare(), which is meant to protect WordPress websites from SQL injection attacks. The core WordPress content management system itself is not prone to this kind of SQL injection attack.
But the same cannot be said for some of the plugins, extensions, and themes which a user may add to a website. Whether they are exposed depends on how the code running on a WordPress website uses the $wpdb->prepare() function.
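Because the risk lies in how plugin and theme code calls $wpdb->prepare(), such calls can be reviewed mechanically. The following is an added example, not code from WordPress or from the original article: a heuristic Python audit that flags calls where a variable is written into the query text itself instead of being passed behind a %s or %d placeholder. The sample plugin code is constructed, and treating `$wpdb->...` table names as trusted is an assumption of this sketch.

```python
import re

PREPARE = re.compile(r'\$wpdb->prepare\s*\(')
STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
# Any PHP variable except $wpdb itself ($wpdb->posts etc. are table names).
FOREIGN_VAR = re.compile(r'(?<!\\)\$(?!wpdb\b)[A-Za-z_]\w*')

# Constructed plugin code for the demonstration (not from a real plugin).
SAMPLE_PLUGIN = r'''<?php
$a = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE ID = %d", $id ) );
$b = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_name = '$slug'" ) );
$c = $wpdb->query( $wpdb->prepare(
    "DELETE FROM {$wpdb->postmeta} WHERE meta_key = %s AND post_id = " . $post_id, $key ) );
$d = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM wp_users WHERE user_login = %s', $login ) );
'''

def first_argument(src, start):
    """Return the text of the first argument of a call whose '(' ends at start."""
    depth, quote, i = 1, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == '\\':
                i += 1                       # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in '"\'':
            quote = ch
        elif ch in '()':
            depth += 1 if ch == '(' else -1
        if depth == 0 or (ch == ',' and depth == 1 and not quote):
            break
        i += 1
    return src[start:i]

def tainted_variables(arg):
    """Variables placed in the query text itself rather than behind a placeholder."""
    # Single-quoted PHP strings never interpolate, so blank them; keep the rest.
    visible = STRING.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "''", arg)
    return FOREIGN_VAR.findall(visible)

def audit(source):
    """Return [(line_number, [variables])] for prepare() calls that need review."""
    findings = []
    for m in PREPARE.finditer(source):
        bad = tainted_variables(first_argument(source, m.end()))
        if bad:
            findings.append((source.count('\n', 0, m.start()) + 1, bad))
    return findings
```

A query passed as a bare variable (for example `$sql`) is also reported, since the scan cannot see how that string was built; treat every finding as a prompt for manual review rather than a confirmed flaw.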
The cross-site scripting vulnerabilities, which were the major reason behind this security and maintenance release, were found in the following:
- Template names
- oEmbed discovery
- Plugin editor
- Visual editor
Cross-site scripting is one of the most common vulnerabilities found in WordPress plugins and themes.
Apart from the cross-site scripting vulnerabilities, WordPress also fixed 2 path traversal vulnerabilities. These were found in the following locations:
- File unzipping
Before you hit the upgrade button, you need to consider the following pointers:
- Save the XML files to an external hard drive. Start by clicking on the Tools menu located in the left sidebar.
- Click on export and on the next screen, click on the Download Export File option.
- It is advised that you create a new folder on your external hard drive to store all your WordPress files. Also, it is a good practice to create a backup of these files, irrespective of the updates and releases.
- Create a backup of your database. Here is when the magic of WordPress comes into play. There are a plethora of plugins that will make it a piece of cake.
- Of all the options available out there, WP-DBManager stands out. This plugin does more than just create a backup; it is one of the handiest tools used by the WordPress community all over the world.
- You can make use of the WP-DBManager to perform minor repair and maintenance tasks on a daily basis to ensure that your WordPress website performs well at all times.
- Next, you need to FTP into your host server. Download a copy of the backup. This is important as this will ensure that you have an additional copy of your database away from the server.
- In case the server goes down or there are any other technical glitches in the server, you can always fall back on the additional copy and get the job done. If you think your own system cannot be relied on, you can use cloud storage instead.
- Download the theme, framework, and child theme folders on an external drive. This is critical, especially if you are using any customized themes or any other functionalities on your website.
- Before you click on the upgrade option, remember to deactivate all the plugins to avoid any errors after the update.
WordPress 4.8.2 At A Glance
This security and maintenance release of WordPress patched 8 security threats or vulnerabilities as well as 6 maintenance issues. WordPress has also taken preventive measures in the core code to stop a third-party plugin or theme from causing an unwanted vulnerability, and hence a SQL injection. So, just like any other WordPress update, the security and maintenance release ensures that WordPress remains the most desired and reliable content management system in the digital world. As a best practice of website management, it is advised to keep auto-update enabled in order to make the most of this platform.