Reminder to Update to WordPress 4.7.2 and Check Your Site

During the past few weeks we have seen two WordPress core security updates. WordPress 4.7.1 was released on January 11th which was a security update. Then WordPress 4.7.2 was released a few days ago on January 26th.

Both of these releases contain important security updates that fix known vulnerabilities in previous WordPress versions.

These are ‘minor’ updates. That means that if you have a default install of WordPress, your site has probably been updated automatically, unless you have restrictive file permissions or some other restriction in place that prevents automatic updates.

The Wordfence firewall currently protects against all vulnerabilities that are fixed in these two releases. This includes the privilege escalation vulnerability in 4.7.2 that was disclosed yesterday.

If you do have automatic update enabled and your site has been updated to 4.7.2, we encourage you to visit your site and make sure that everything is functioning as expected. WordPress core releases are well tested, but it’s always better to be safe and to verify site functionality after a series of automatic updates like this.

If you would like to learn how to change the automatic update behavior of WordPress, you can read about the WP_AUTO_UPDATE_CORE constant in wp-config.php. The default behavior of WordPress is to automatically upgrade your site to minor releases. And the default behavior is to not automatically update to major releases or development releases. Security releases like the ones mentioned above are ‘minor’ releases, so the updates are applied automatically.