As always we encourage whenever there is a WordPress core update, that you back up your site and get your site updated to the newest version. These will help keep your site more secure.
Whats about WordPress 5.2?
Keeping Your WordPress Site Safe
WordPress 5.2 gives you even more robust tools for identifying and fixing configuration issues and fatal errors. Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information when you need it.
After you have your core updated, watch for other updates in the next couple of weeks for plugins installed on your WordPress site and updates to themes. This gives developers time to make adjustments to the new WordPress core changes.
Subscribing to specials, updates, security information just got easy!
The team at Secure Hosting WP wants to make sure we make securing your WordPress or any other platform you choose on Secure Hosting WP as easy as possible now by giving you desktop or mobile push notifications when you subscribe. Even if it is simply to remind you that you need to keep up with your updates and when they are released. No other hosting keeps you informed with such an easy way of reminders.
Securing your WordPress site, hosting, other content management platforms is always of high priority for us at Secure Hosting WP.
These awesome visual reminders, we think, will help you stay informed and on top of managing your WordPress (or many other platforms we offer) in your account. If you don’t have to host with Secure Hosting WP, you can still subscribe.
We make it easy to subscribe!
When you go to Secure Hosting WP, you will be prompted to subscribe. We encourage you to do so to get latest specials, security updates and more without having to constantly check back on the site! It’s that easy!
If you choose not to subscribe at your first visit (you may be on a public computer somewhere) then you can always choose to later subscribe by clicking the GREEN bell.
If you ever want to unsubscribe for whatever reason, even if temporary, just visit the site, click the bell and unsubscribe. You can always subscribe again whenever you want!
We promised a dedication to making your experience as easy as possible for all of our supported domain and hosting clients. This is just one way we keep YOU up to date.
We hope as we are coming up with such great tools to use for subscribers, you will find out how we really roll at Secure Hosting WP.
In the past week, WordPress has updated the version of WordPress to versions 4.9.2 and version 4.9.3 for security and bug fixes. WordPress 4.9.3 was released earlier this week and unfortunately, it broke the auto-update mechanism in WordPress. Sites running 4.9.2 were auto-updated to 4.9.3 and will no longer be auto-updated unless you perform a manual update.
According to the news of the updates of WordPress, Wordfence put out a post regarding what happened.
WordPress 4.9.3 included a bug that causes a fatal PHP error when WordPress tries to update itself. This interrupts the auto-update process and leaves the site on 4.9.3 forever.
The core developers tried to reduce the number of API calls that occur when an auto-update job is run. According to the WordPress core development blog:
“#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human error, the final commit didn’t have the intended effect and instead triggers a fatal error as not all of the dependencies of find_core_auto_update() are met. For whatever reason, the fatal error wasn’t discovered before 4.9.3’s release – it was a few hours after release when discovered.”
Only Actively Maintained Sites Are Affected
WordPress has included the capability to auto-update since WP version 3.7, which was released four years ago. The WordPress auto-update function only updates minor versions by default. That means that only releases that change the number to the far right of your WP version will auto-update. In other words, if you were on 4.9.3 and 4.9.4 is released, your site will auto-update. But If WordPress 5.0.0 is released, your site will not auto-update by default.
It’s important to understand that WordPress works this way because that limits the number of sites that auto-updated to the version that broke auto-update. Only WordPress sites running 4.9.2 would have updated automatically to 4.9.3, which broke auto-update.
This is important because A) It means that the population of websites that now have a broken auto-update is smaller than ALL WordPress sites and more importantly B) The sites that have a broken auto-update would have been manually updated by the site owner when WordPress 4.9 was released.
This means that every site affected by this was manually updated to WordPress 4.9 “Tipton” after November 16, 2017, when 4.9 was released. So, while this bug is unfortunate, the good news is that, for the most part, it only affects actively maintained sites that have been manually updated by the admin within the last 3 months. If a site was not updated to WordPress 4.9 during that time, it will still be on an older track and will not have received the broken auto-update.
The sites that we are most concerned about are sites that are unmaintained. If auto-update broke on those sites, they may not receive another update for several years, until someone remembers the site exists and does an update. Those unmaintained sites are not affected by this and will continue to auto-update.
For example, we have an unmaintained test website that is currently in WordPress version 3.9.23 and it has been steadily receiving auto-updates without any updates from us. That site is not affected by this bug and it received it’s most recent auto-update on January 16th.
Update Your Site Manually Now
Some of you will find that your hosting company has taken care of this for you, especially if you are on a ‘Managed WordPress’ plan. If you are now stuck on WordPress 4.9.3, you will need to manually update your site to continue receiving auto-updates. To update manually and get past this broken auto-update issue, simply sign into your WordPress site as your admin user and visit Dashboard → Updates and click “Update Now.”
After the update, make sure that your core version is 4.9.4. You can scroll down and check the bottom right of your admin panel and it should say “Version 4.9.4”.
Please share this info with the WordPress community to help make them aware that they will need to sign into their sites and do the manual update to get past version 4.9.3 and this issue.
Read the full article by Wordfence “WordPress Update Breaks Future Auto-Updates. Manually Update Now!”
If you need help with updates, security or other WordPress questions, feel free to contact the Secure Hosting WP Team.
It is always important to backup and do the WordPress core updates for your site. Most of the time, WordPress updates deal with ongoing security issues and bugs. This Version 4.9.2 deals with some security issues.
See the WordPress Core Version4.9.2 Update Details here.
Keep an eye on your WordPress site in the next few days because normally plugins and themes follow core updates.
If you need a team to do your updates, feel free to contact us.
Here are some other ways of keeping your WordPress sites secure:
- Install a proven security plugin for WordPress. You can see some of the recommended on our WordPress resource page.
- Install an SSL on your hosting to secure your site. See our SSL Certificate plans. You can even install one to cover all of your sites in your WordPress hosting.
- If you feel like your site has been compromised, you can use a web security clean up of your site. Or get a website security service to give that extra protection.