4.3.1. UPDATE 09.15.15
“WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.
- WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714).
- A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
- Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).
Our thanks to those who have practiced responsible disclosure of security issues.
The 4.3 Update includes:
- Menus in the Customizer: Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.
- Formatting Shortcuts: Your writing flow just got faster with new formatting shortcuts in WordPress 4.3. Use asterisks to create lists and number signs to make a heading. No more breaking your flow; your text looks great with a * and a #.
- Site Icons/Favicons: Site icons represent your site in browser tabs, bookmark menus, and on the home screen of mobile devices. Add your unique site icon in the customizer; it will even stay in place when you switch themes. Make your whole site reflect your brand.
- Better Passwords:Keep your site more secure with WordPress’ improved approach to passwords. Instead of receiving passwords via email, you’ll get a password reset link. When you add new users to your site or edit a user profile, WordPress will automatically generate a secure password.
- A smoother admin experience – Refinements to the list view across the admin make your WordPress more accessible and easier to work with on any device.
- Comments turned off on pages – All new pages that you create will have comments turned off. Keep discussions to your blog, right where they’re supposed to happen.
- Customize your site quickly – Wherever you are on the front-end, you can click the customize link in the toolbar to swiftly make changes to your site.
WordPress Updating Tips
When updating WordPress themes or plugins following the simple steps below can save you some headaches. With full revision updates (for example: 3.x to 4.0): Doing a quick double-check with theme and plugin developers *before* updating to see if they have any concerns or comments about your theme and the new version is wise. If you are using quality a theme and plugins the developer(s) will be on top of this.
Step-by-step instructions to help you safely and easily update to the most recent version of WordPress.
Before you update we need to do a little housekeeping:
- Save your WordPress XML file to your hard drive. You do this by clicking on the Tools icon in the left sidebar and then Export. On the next screen click on Download Export File. You might want to create a new Folder on your hard drive where you keep all your Website files. Name it WP Backup so you know to save all backup files for WP there (and you’ll know where to find them if you need them). It is a good idea to back up this file once a month anyway regardless if an update is needed.
- Backup your WordPress database. There is a nifty plugin that makes this process a no-brainer, WP-DBManager. This plugin is also a must have for repairing and optimizing your database (which you should be doing minimally monthly to keep things running smoothly).
- FTP into your Web hosting server and download a copy of your database bakcup so you have a copy off your server. That backup won’t do you any good if the server crashes or has issues. Even better, store the backup file in the cloud or on an external drive in case you have computer problems.
- Cover all the bases and download your theme/framework/child theme folders to your local hard drive. This is just good practice if you have customized any theme files.
- Then, to be safe, deactivate all plugins before upgrading.
It is a good idea to review my article:
WordPress How To: Do the Mother of All Backups
Once you get the above tasks accomplished, follow the links in the nag bar (it’s called a nag because that yellow bar will be up there “nagging” you until you take care of the important issue noted) and update your site to the latest version of WordPress.
Then, don’t forget to reactivate and update your plugins. You’ll see with each WordPress update that plugin developers also update their plugins which you can also do with one click. You’ll see the now familiar yellow nag bar under the plugin name in the plugins area with a link to “upgrade automatically.”
If you find after an update that something is not working as it was, go through the systematic process of deactivating your plugins one at a time until you find the culprit. If the developer has not updated his/her plugin to work with the lasted update, find another plugin whose developer is on top of these things.
Updating should not be ignored or put off. When you keep up with WordPress, have a Premium Theme and Plugin updates, you are not only keeping up with technology, but you make sure your site is secure and functioning error free.
At your service,