WordPress 4.8.2 is out, Update Now

WordPress core version 4.8.2 is released on 19 Sept 2017 for the public. In brief, this is a security and maintenance release and the updates are minor. If you have enabled the auto updates feature then your WordPress website/s will be upgraded automatically.

WordPress 4.8.2 features nine security fixes which the website owners will want to apply. In total, there have been six updates this year featuring security fixes.

The maintenance side of the update features six other software updates but generally focuses on the bit that bothers Naked Security readers most, security where we see five cross-site scripting (XSS) flaws (a popular attack vector that refused to disappear), two path or directory traversal issues and one covering an open redirect.

There is also the precautionary hardening of the $wpdb->prepare() method.

A leading WordPress developer firm, Designs2HTML Ltd. found that the main problem is not the vulnerability in the core WordPress software but in what the core allow code in the vast ecosystem of WordPress plugins and themes to do:

WordPress says,“WordPress core is not directly vulnerable to this issue but we have added hardening to prevent plugins and themes from accidentally causing a vulnerability.”

WordPress has a formidable security operation but the huge number of 3rd party plugins and themes are both the software’s best feature and also it weakness as they can add the vulnerability.

Recently the Display Widgets plugin used by more than 2,00,000 websites was pulled after it and its three updates were discovered to contain a backdoor which enables the spam.

The hardening of $wpdb->prepare() is also very important as the best defense against SQL injection attacks is to make sure that SQL queries are correctly escaped. If we add escape characters in a SQL query then it will stop the database engine from treating user-supplied data as code, which prohibits hackers from corrupting queries to their own ends.

WordPress says, “The best way to do your escaping is by using prepare”. “All data in SQL queries must be SQL-escaped before the SQL query is executed to prevent against SQL injection attacks. The prepare method can perform this functionality for WordPress”.

Hence the developers will be using prepare because it protects against SQL injection. The updated versions of WordPress must be safe from buggy third party code but the old ones may not be. Hence the plugins and theme developers should test their code against older versions of the core.

These security fixes generally affect all the WordPress versions before and including version 4.8.1.

This is actually a relatively low-key update in the eventful period for WordPress patching. The main issue is who patches and how quickly.

Attackers were still able to exploit the issue to deface large numbers of unpatched websites even though WordPress has recommended for automatic security updates.

Hence WordPress updates release notes start with the simple advice “We strongly encourage you to update your sites immediately.”

What are the updates in WordPress 4.8 “Evans”

WordPress 4.8 update was released on 8 June 2017. WordPress developers as well as users were so curious to know what is in it and were excited to experience the changes. In order to upgrade user experience and flexibility, WordPress introduces new things in each of its updates. WordPress 4.8 has brought lots of changes that developers love and will also improve the user experience.

In this article we will tell you what’s new in WordPress 4.8 and which features you should try after updating your websites.

4.8 is a major release of WordPress and unless you are on a managed WordPress hosting service, you will have to manually start the update.

Also remember don’t forget to create a complete WordPress backup before starting the update.

All New Media Widgets

There are three new defaults widgets in WordPress 4.8. Users were looking for these widgets for long time and finally they got them.

Now ready for a more intuitive WordPress

WordPress 4.8 “Evans” is named in honor of the jazz pianist and composer William John “Bill” Evans and now available for download or update in your WordPress dashboard. If you are  a WordPress developer then the new features in 4.8 will add more ways for you to express yourself and present your brand.

Some people may see some updates minor but they have been built by hundreds of contributors with keeping you in mind. Now you should get ready for new features which you will welcome:-

  • Link improvements
  • Three new media widgets covering images, audio and video
  • An updated text widget that supports visual editing and
  • An upgraded news section in your dashboard which brings in nearby and upcoming WordPress events and meetings.

Exciting Widget Updates

Image Widget

Now for any WordPress user, adding an image to a widget is a simple task that any WordPress user can do even without the knowledge of how to code. Now you can simply insert your image right within the widget settings. You can try to add something like a photo of your latest vacation or get together – and see it appear automatically.

Video Widget

If you want to express the branding of your website then a video is always welcome and is a great choice. Now you can add any video from the media library to a sidebar on your site with the new Video Widget. You can use this to showcase a welcome video to introduce visitors to your site or to promote your latest discounts or offerings.

Audio Widget

If you are a podcaster, musician or an avid blogger then adding a widget with your audio file has become even more easier. Just upload your audio file to the media library then go to the widget settings an select your file, you are ready for listeners of it. This is an easy way to add a more personal welcome message to your site visitors.

Rich Text Widget

This feature deserves the praise. Rich text editing capabilities are now native for the Text Widgets. Now you can add a widget anywhere. Now you can have fun with your new found formatting powers and see what you can accomplish in a short amount of time. As a WordPress developer you will love this feature.

Link Boundaries

You must have tried updating a link, or the text around a link and found that you are not able to edit it correctly. Now with link boundaries, a great new feature, the process is streamlined and your links will work well.

Nearby WordPress Events

WordPress has a huge offline community with groups meeting regularly in more than 400 cities around the world. WordPress now making it easy to know about these events that help you continue improving your WordPress skills, meet friends and publish. Now you can easily find your local events just by logging in to your dashboard and checking at the new Events and News dashboard widget.

Some more reasons for Developer Happiness:-

  • More Accessible Admin Panel Headings
  • Removal of Core Support for WMV and WMA Files
  • Multisite Updates
  • Text Editor JavaScript API
  • Media Widgets API
  • Customizer Width Variable

As so many WordPress developers were waiting for the launch of WordPress 4.8 hence now they can upgrade to this version and have use the many benefits it is offering. In future more updates will come and we will continue using WordPress as it offers so many benefits to the developers as well to the end users of the website.

What all is new in WordPress 4.7.4

On 20th April 2017, WordPress released its latest version i.e. v4.7.4. Actually, its a maintenance release which has fixed 47 critical issues that were disclosed in the previous versions of WordPress v4.7.3. This update features a visual editor compatibility fix, which can be directly synced with the upcoming version of the Google Chrome.

With the maintenance release now available at WordPress.org there won’t be any broken thumbnails during the WordPress web development. After updating WordPress core, you won’t be facing any issues while uploading any of the video or audio files. It will be good if you consult a skilled WordPress developer which will help you get through this up-gradation process. The v4.7.4 also features the ability to Shift-click and select multiple checkboxes at once.

Some Key Highlights Of The Update

  • The visual editor will now be compatible with the latest version of Google Chrome.
  • A fix for broken audio-visual thumbnail bug.
  • Enhancements in the REST API making it efficient in data handling.
  • Restores the ability to perform multiple select from a range of checkboxes.

How To Update?

It will be good if you deactivate all the active plugins before initiating the up-gradation process.

Save all the WordPress XML Files on the hard drive. Click on the “Tools” icon and “Export”. Now you have to download the “Export” file. You have to create a “New Folder” on the hard drive where you can store all the extracted files.

Make sure you have to take regular backup of your portal. There are a plethora of plugins available in the WordPress Directory which will assist you in accomplishing this task. You can also schedule backups with the help of these plugins.

Download the copy of your WP Database Backup. This will come in handy in case the server crashes or any other thing goes south. That’s why it’s preferred that you should store the backup file in the cloud.

Now you have to download the theme/child template folders to a local hard drive or cloud. In case you are using the custom theme, then this step is mandatory.

Summing Up

The WordPress v4.7.4 offers 47 maintenance fixes that improve its interface & functioning. You can access the official release notes on WordPress’s site.

Time to upgrade: WordPress version 4.7.3

One of the major reasons behind the insane popularity of the WordPress content management system are the core updates that are released on regular basis. Most of the time, these updates are related to security patches, backend or frontend codes and WordPress core. It will be good if you quickly install all these official updates as it will help in making your WP-based website stable, secure and functional.

On 6th March 2017, WordPress released v4.7.3 which comes loaded with some major security issues and it is recommended to update your WP sites immediately. In case, you don’t have to time for this task, you can hire WordPress developer who will help you update your WordPress core. The latest version of WordPress has eliminated six security problems which were detected in v4.7.2. Although, WordPress has officially rolled out the update but it will take some time to reach out to the users spread across the globe.

Given below are six security issues that earlier affected the functioning of WordPress v4.7.2:

  • Control Characters which tricked the redirection of URL validation.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • The cross-site scripting (XSS) done via taxonomy term names.
  • Unintended files which can be removed by administrators with the help of plugin deletion functionality.
  • Cross-site scripting (XSS) via media file metadata.
  • Cross-site Request Forgery (CSRF) which lead to the excessive use of server resources.

In addition to the above-mentioned security problems, the WordPress 4.7.3 contains approx 39 maintenance fixes to the whole v4.7 release series. For further information about the complete list of changes, you can refer to the official release notes provided by the WordPress.

So if you wish to manually download and install the WordPress 4.7.3, all you need to do is to venture over the WP Dashboard -> Updates and click on the “Update Now” button. In case, your website supports automatic background updates, then your portal will automatically upgrade to the WordPress 4.7.3.

All you need to know about WordPress v4.7.1

On 6th Dec 2016, WordPress released the v4.7 which is codenamed as “Vaughan”. Within just one month, the v4.7 recorded over 16 million downloads and this number is rising day by day. The best thing about this new version is the users don’t have to do the up-gradation process manually, everything is initiated directly from the WordPress main servers. After the launch of v3.7, WordPress integrated automatic updating system so that users don’t have to get into the hassle of installing update files themselves.

Recently, the user community and WordPress developers noticed some major vulnerabilities in the v4.7 and to overcome all these, WordPress quickly released v4.7.1 which eliminated over 62 bugs from the core codes and also resolved the security flaw in the popular PHPMailer Email Library that was first detected in November 2016. This incremental update and bug fixing helped users to make their portals safe & secure.

The security upgrade in the WordPress v4.7.1 removed the vulnerability which wasn’t actually in the WP’s core codes but in the open-source script of the PHPMailer library. The PHPMailer is a popular email creating and transfer library for the PHP which is used by the WordPress. The error was reported in the Remote Code Execution (RCE) which was later identified as the CVE-2016-10033 and the users detected this issue in December 2016.

Although, PHPMailer released a separate update for the CVE-10033 error but they were not able to fix this issue properly. As a result of this loophole, millions of websites were not able to roll out emails to their global clients and customers. Once this issue was reported, the PHPMailer released another security patch to eliminate this vulnerability. As this error was not associated with WordPress code, so the WP support team was less bothered about this problem.

Once the v4.7.1 was released, all the vulnerabilities were removed and the CMS system remains unaffected by the technical issues. With v4.7.1 has become more safe and secure. According to the installation notes of v.4.7.1 “there is no specific issue appears to affect the functioning of the WordPress. All the plugins we investigated till now remain safe and out of an abundance of caution we are officially updating PHPMailer in this latest release.”

Apart from rectifying the PHPMailer problem, another loophole was of the information leakage that occurred from the REST API that exposed the user’s personal and financial data. Moreover, the v4.7.1 also offers patch files for Cross-Site Scripting (XSS) vulnerabilities as well as the pair of Cross-Site Request Forgery (CSRF) flaws.


In this article, you will read about some major security updates that come with the latest version of WordPress i.e. v4.7.1. It will be good if you update your CMS software today and get rid of all these issues in a hassle-free manner.