Improved Security in WordPress 4.2.2

WordPress 4.2.2 was released alongside WordPress 4.1.4 last month, on May 7. The focus of these updates was security, following the recent vulnerability in WordPress websites that dumped unwanted traffic on BitCoin. While that had more to do with websites running outdated versions of the Revslider plugin, security has become a paramount issue for the CMS.


The latest updates fix a cross-site scripting (XSS) vulnerability, along with other minor bugs. This vulnerability has affected a large number of WordPress websites running popular plugins and themes, most notably the default Twenty Fifteen theme.

If anything, the WordPress 4.2.2 upgrade aims to strengthen the existing framework for fixing vulnerabilities, especially ones found in the Visual Editor in WordPress 4.2 and older versions.

Time to Update

Install the latest WordPress upgrade as soon as you can so that your site gets the improved security features. Updates are applied automatically on most websites that have automatic updates enabled, and you can also update manually from the WordPress Dashboard.

Those who are currently running WordPress 4.1.4 and don’t want to upgrade to WordPress 4.2.2 can upgrade to WordPress 4.1.5, which includes the improved security updates. The latest release reaches 1&1 users as follows:

Safe Mode – Users deploying 1&1 Click & Build Safe Mode will receive automatic updates.

Free Mode – Otherwise known as a self-maintained installation. Sites that have automatic updates enabled will be upgraded automatically to WordPress 4.2.2 or WordPress 4.1.5 respectively. Those who have automatic updates disabled can install the latest release manually.

NOTE: Always update your themes and plugins with the latest WordPress updates to make sure you don’t encounter bugs and security flaws that can be exploited.

Fixes and Updates

As seen on the WordPress Blog, the following fixes and updates have been made with the latest upgrades:

1. The Genericons package, which is used in many popular plugins and themes, included an HTML file that was vulnerable to XSS attacks. All the affected plugins and themes have been upgraded by the WordPress Security Team.

2. WordPress 4.2 and earlier versions were affected by an XSS vulnerability that would enable any anonymous user to compromise a blog or website. The latest release incorporates a comprehensive security fix for the issue.

3. The WordPress 4.2.2 upgrade comes with various minor bug fixes introduced since WordPress 4.2.1. The official WordPress 4.2.2 Release Notes, available on the blog, feature a comprehensive list of improvements and upgrades.
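
A quick site audit for the two security items above, as an added example that is not code from this article or from WordPress: it reads $wp_version from wp-includes/version.php, compares it with the fixed releases named here (4.2.2 and 4.1.5), and lists any HTML file sitting in a directory named genericons under wp-content. The directory-name match and the status labels are assumptions of this example.

```python
import os
import re
import sys

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 2): (4, 2, 2), (4, 1): (4, 1, 5)}

def parse_version(php_source):
    """Pull $wp_version out of the text of wp-includes/version.php."""
    m = re.search(r"\$wp_version\s*=\s*['\"](\d+(?:\.\d+){1,2})", php_source)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # '4.2' -> (4, 2, 0)

def core_status(version):
    """Classify a core version against the releases the article names."""
    if version is None:
        return "unknown"
    if version >= FIXED[(4, 2)]:
        return "patched"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "review"  # older branch; the article names no fixed release
    return "patched" if version >= fixed else "unpatched"

def genericons_html(wp_root):
    """HTML files inside any directory named 'genericons' under wp-content.

    Assumption: bundled copies live in a directory with that exact name.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(os.path.join(wp_root, "wp-content")):
        if "genericons" in dirpath.lower().split(os.sep):
            hits += [os.path.join(dirpath, f) for f in files
                     if f.lower().endswith((".html", ".htm"))]
    return sorted(hits)

def audit(wp_root):
    """Return the core patch status and any Genericons HTML files found."""
    try:
        with open(os.path.join(wp_root, "wp-includes", "version.php"),
                  encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read())
    except OSError:
        version = None  # missing or unreadable version file
    return {"core": core_status(version),
            "genericons_html": genericons_html(wp_root)}

if __name__ == "__main__":
    # Pass the WordPress root directory as the first argument.
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A non-empty genericons_html list means a theme or plugin still ships an HTML file with its icon font and should be updated or have that file removed.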

Among the many fixes and improvements, these are some of the most notable:

1. The loading error with emojis is now fixed for IE9 and IE10.
2. The keyboard shortcut bug has been fixed for Visual Editor on Mac.
3. oEmbed now uses HTTPS for all YouTube URLs embedded on a site.
4. Encoding checks by WordPress on sending strings to MySQL have been fixed.
5. The memory usage is lowered for regex checking UTF-8 encoding.
6. The issue in wp_signups table on utf8mb4 conversion where the wrong index is changed is finally fixed.

WordPress seems to have found the solution to the vulnerabilities caused by outdated plugins and themes. As developers, we must strive to make sure that client websites are highly secure and have the necessary backup to function normally in case of data theft or loss.
