Another day, another WordPress update; this time it’s WordPress 4.3.1, which was released on 15 September 2015 and is a security update addressing the following issues:
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
- A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
- Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).
The update also fixed 26 bugs – see the official release announcement for full details.
While we appreciate that dealing with WordPress updates can be a nuisance – you need to backup your database and files, run the updater and then also update any plugins you’re using – it really is worth doing as soon as possible after release. For the most part this is because of any potential security risks that might be posed by not updating, but also because when there’s a major update you get access to cool new WordPress features that can make WordPress easier to use or your website snazzier (or both!)
If you haven’t run WordPress updates before and aren’t sure where to start, here’s how to do it.
First of all, make sure you have a good backup plugin in place. We like Simple Backup because it does what it says on the tin: it backs up your site, and it’s easy to use. We’ve tried others but always come back to Simple Backup because it’s so simple to install and use.
Once you’ve installed the backup and configured its settings, run a backup. For small sites this shouldn’t take longer than a couple of minutes.
When your backup has completed, either click the update message at the top of your admin screen or go to dashboard >> updates in the admin menu. Click the ‘update now’ link and when the update has finished running, WordPress will let you know.
Finally, check whether your plugins need updating. Most of the larger and more on-the-ball plugin developers will release updates pretty soon after the WordPress update itself is released, so you’ll see update messages underneath them on your ‘installed plugins’ list. Expect more plugin updates to be released in the days and weeks following the WordPress update, and check for these regularly to make sure everything on your website is up to date.