Update WordPress Websites Now to Patch Security Bugs
The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin regarding two WordPress security bugs. CISA recommends that website owners running WordPress protect their sites immediately by updating to the latest version.
The current, secure version is WordPress 5.7.1. This version is a short-cycle security and maintenance release, meaning the updates cannot wait until the next planned stable upgrade, which will be WordPress 5.8.
“CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1,” says the CISA bulletin.
Two security issues affect WordPress versions between 4.7 and 5.7.
- An XML external entity (XXE) injection bug in the WordPress media library, affecting only sites running PHP 8. The fix disables the ability to load external entities.
- A data exposure vulnerability in the REST API. To fix this, WordPress has added extra security measures to restrict access to password-protected posts.
The update also fixes 26 other glitches, including an improved button layout and the admin pointer arrow border color.
All WordPress versions since 4.7 are also updated with this patch.
What is CISA?
The Cybersecurity and Infrastructure Security Agency is a United States federal agency based in Virginia. The agency operates as part of the National Protection and Programs Directorate.
What is WordPress?
WordPress is a content management system (CMS) running about 40 percent of the world’s websites. Once thought of as a basic platform for bloggers, WordPress is behind almost 15 percent of the world’s top websites, such as eBay, Sony, GM, UPS, Forbes, CNN, Reuters, The NYT, Samsung, and IBM.
It can be customized with the addition of themes and plugins. WordPress even has eCommerce customizations, all available as plugins.
The code is open source and built on PHP and MySQL.
“Because this is a security release, it is recommended that you update your sites immediately,” says the official WordPress release informational page.
WordPress core, themes, and plugins can all be set to take automatic updates. This makes maintenance easier and less time-consuming. However, automatic updates run the risk of encountering theme and plugin conflicts that may go unnoticed.
How to Update to WordPress 5.7.1
If you need detailed instructions on how to update to the most secure version of WordPress, follow our tutorial on how to update WordPress. You will need admin permissions to upgrade your site. You may also need to upgrade all your plugins and themes.
WordPress website owners and site admins can easily update to WordPress 5.7.1 from within the admin area of their website. Alternatively, a fresh copy of WordPress can be downloaded from the official repository.
Both upgrade options are always free of charge.