What’s New For The WordPress 3.9.2 Update

What’s New For The WordPress 3.9.2 Update
Blogging

WordPress 3.9.2 Update

What's new in WordPress 3.9.2

WordPress 3.9.2 is the latest security update for the popular WordPress blogging platform. This update is a security release and the WordPress developers encourage everyone to update their sites as soon as possible.

WordPress 3.9.2 includes several improvements to the security of WordPress. Most notably, the update fixes a suspected Denial of Service (DoS) vulnerability that was found in PHP’s XML processing system. This vulnerability was reported by Nir Goldshlager from the Product Security Team at Salesforce, and was fixed by David Rothstein from Drupal’s security team along with Michael Adams and Andrew Nancin from the security team at WordPress. This is the first time that the Drupal and WordPress teams have worked together on a joint security release. Let’s have a look at what else is new in WordPress 3.9.2.

WordPress 3.9.2 also includes several other improvements to the security of the blogging platform, including:

• A fix that prevents a possible but unlikely code execution issue when processing widgets. The default WordPress configuration means that the platform is not vulnerable to this issue, but there are certain configurations which could be flawed.

• An update to prevent information disclosure through XML entity attacks which are passed through the GetID3 library. This issue was reported by Ivan Novikov from ONSec.

• A fix which adds protection from brute force attacks against CSRF tokens. This vulnerability was reported by David Tomaschik who works for the Google Security Team.

In addition, there are several additional security updates which help to prevent cross-site scripting issues that could be triggered by people with administrative access to the platform.

The full list of release notes can be found on the WordPress.org site, along with details of what has been changed, and how to install the update. The update is fairly small and revises just a handful of files, including the readme.html, as well as wp-admin/about.php, the wp-longin.php, and several files in the wp-includes folder.

 

Updating WordPress

WordPress is a free and open source platform, and the update is available for free. Installing the update is as simple as logging in to the WordPress admin panel and going to Dashboard > Updates then clicking Update Now. If your website supports automatic background updates, and you are running WordPress 3.7.3 you will be updated to WordPress 3.7.4. If you are running WordPress 3.8.3 you will be updated to WordPress 3.8.4. Newer versions of WordPress will get the WordPress 3.9.2 update automatically. The auto-update feature does not support older versions of WordPress so these must be updated manually.

If you are interested in seeing the latest WordPress developments, consider beta testing WordPress. 4.0. This beta test is not recommended for production environments, but is stable enough for a personal blog, or for people who want to try the platform on a home server.

 

Troubleshooting

The nature of this update means that end users should see no changes. The update does not alter any themes or make significant changes to the user-interface. Your existing plugins, themes and widgets should continue to work as normal. However, it is always a good idea to back up your WordPress install before you make any changes to your installation or upload any updates.

Back up your database using your web host’s backup tool or PHPMyAdmin. Download your entire WordPress folder so that you have a backup of all of the files that it contains. If you find that you have problems with WordPress after installing an update, the first thing to do is disable all of your plugins in the admin panel. If you cannot access the admin panel, use an FTP client to rename your plugins folder so that you are running WordPress without any plugins at all. Then gradually re-enable plugins to see if one of your existing plugins is causing a conflict.

If you identify a plugin that is causing issues, check with the developer to see if there is an updated version of the plugin. Most developers are quite responsive and will be happy to help their users if they encounter an issue caused by a WordPress update. If the developer cannot help you, there is a good chance that there will be an alternative plugin in the WordPress database that serves a similar purpose.

Youtube | E-Traffic
Blogging
YouTube Live Stream Threshold Reduced to 1000 Subscribers

Earlier in February 2017, YouTube announced that channels with 10,000 subscribers will be able to begin a live stream. However, they seem to have rolled a silent update as visible on this page which implies that the 10,000-subscriber threshold has been reduced to just 1,000 subscribers. According to the new …

Blogging
How You Can Start A Travel Blog

A travel blog can help you to travel all around the world. Many travel bloggers were able to visit places they would have never been able to see otherwise. In fact, some bloggers even get the chance to go on trips that are completely free. If you’ve always wished that …

wordpress-logo
Blogging
Top Blog Hosting Sites Available

When it comes to finding the top blog hosting sites online, there’s no denying that you have a broad range of options available these days. In fact, there’s never been a better time to start your new blog thanks to the diverse range of services available that can help you …