Last night (Australian time), WordPress rolled out 4.7.5 without notice or fanfare. It purports to fix six vulnerabilities, which are described on the wordpress.org blog. As this is a security update, everyone is strongly encouraged to update their sites immediately.
Despite the severity of the vulnerabilities, this security update was a ‘minor’ release. By default, WordPress automatically installs minor core releases, so you may find that your website has already been updated. Some developers switch off automatic updates so they can test compatibility before rolling a release out, but because this is a minor release, it should be safe to push this update through on all 4.7.4 installations.
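To see which situation a given site is in, the sketch below (an example added here, not WordPress or Wordfence code) reads the contents of wp-includes/version.php and wp-config.php and reports whether the install is already on 4.7.5 and, if not, whether minor automatic updates have been switched off. The sample file contents are constructed, and the check assumes updates are controlled only by constants in wp-config.php; filters added by plugins or themes are not visible to it.

```python
import re

FIXED = (4, 7, 5)  # the security release named in the post

# Constructed sample file contents (not taken from a real site).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '4.7.4';\n"
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'AUTOMATIC_UPDATER_DISABLED', true );
define( 'WP_AUTO_UPDATE_CORE', false );
"""

VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"](\d+(?:\.\d+)*)""")
# Matches define() calls that start a line, so //-commented ones are skipped.
# Limitation: defines inside /* ... */ blocks are not recognised as comments.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.M)
TRUE, FALSE = {"true", "1"}, {"false", "0"}


def parse_version(version_php):
    """Return $wp_version as a tuple of ints, or None if it is not found."""
    m = VERSION_RE.search(version_php)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def parse_defines(wp_config):
    """Map constant name -> lower-cased literal value with quotes stripped."""
    return {k: v.strip("'\"").lower() for k, v in DEFINE_RE.findall(wp_config)}


def minor_auto_updates_enabled(defines):
    """Minor core updates are on by default; these constants switch them off."""
    if defines.get("AUTOMATIC_UPDATER_DISABLED") in TRUE:
        return False
    if defines.get("DISALLOW_FILE_MODS") in TRUE:
        return False
    return defines.get("WP_AUTO_UPDATE_CORE") not in FALSE


def audit(version_php, wp_config):
    """Classify an install from the text of its two files."""
    version = parse_version(version_php)
    if version is None:
        return "unknown"
    if version >= FIXED:
        return "ok"
    if minor_auto_updates_enabled(parse_defines(wp_config)):
        return "outdated: automatic update pending"
    return "outdated: manual update required"


if __name__ == "__main__":
    print(audit(SAMPLE_VERSION_PHP, SAMPLE_WP_CONFIG))
```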
The team at Wordfence point out that there might be more to this update than initially meets the eye:
“I’m concerned that this release may have fixed more than the vulnerabilities that have been detailed on the WordPress blog. That would not be without precedent.
“On January 26th WordPress released 4.7.2 and they delayed disclosing a vulnerability for a week. That vulnerability was the infamous WordPress defacement vulnerability which resulted in hundreds of thousands of sites being defaced and multiple highly active attack campaigns.
“We don’t have any data at this time on whether this release includes an additional security fix that is unannounced. But recent history indicates it is probably a good idea to update immediately.”
The security of your online presence is more important than ever. If this kind of thing isn’t your forte, or you just don’t have the time to stay on top of it, we can help.
Contact us today for a free WordPress security check and let us show you how we can bring peace of mind.