White Glove Support subscribers need not do a thing. I will handle the complete backup and update process for you automatically!
This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you. [WordPress.org]
- Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
- Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
- Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
- Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
- Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
- Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
- In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
You can browse the full list of changes on Trac. For more info, browse the full list of changes on Trac or check out the Version 5.2.3 documentation page. WordPress 5.2.3 is a short-cycle maintenance release. The next major release will be version 5.3.
IMPORTANT: 5.2 includes a PHP Version Bump: The minimum supported PHP version is now 5.6.20. As of WordPress 5.2, themes and plugins can safely take advantage of namespaces, anonymous functions, and more! If you are running an old version of PHP (less than 5.6.20), update your PHP before installing 5.2.
New features in the 5.2 update make it easier than ever to fix your site if something goes wrong. There are even more robust tools for identifying and fixing configuration issues and fatal errors.
Site Health Check: Building on the Site Health features introduced in 5.1, this release adds two new pages to help debug common configuration issues. It also adds space where developers can include debugging information for site maintainer.
PHP Error Protection: This administrator-focused update will let you safely fix or manage fatal errors without requiring developer time. It features better handling of the so-called “white screen of death,” and a way to enter recovery mode, which pauses error-causing plugins or themes.
Accessibility Updates: A number of changes work together to improve contextual awareness and keyboard navigation flow for those using screen readers and other assistive technologies.
New Dashboard Icons: Thirteen new icons including Instagram, a suite of icons for BuddyPress, and rotated Earth icons for global inclusion. Find them in the Dashboard and have some fun!
Plugin Compatibility Checks: WordPress will now automatically determine if your site’s version of PHP is compatible with installed plugins. If the plugin requires a higher version of PHP than your site currently uses, WordPress will not allow you to activate it, preventing potential compatibility errors.
You can download WordPress 5.2 or visit Dashboard → Updates and click Update Now.
WordPress Updating Tips
WARNING: The upgrade process will affect all files and folders included in the main WordPress installation. This includes all the core files used to run WordPress. If you have made any changes to those files, your changes will be lost.
When updating WordPress themes or plugins following the simple steps below can save you some headaches. With full revision updates (for example: 4.x to 5.0):
Doing a quick double-check with theme and plugin developers *before* updating to see if they have any concerns or comments about your theme and the new version is wise. If you are using quality a theme and plugins the developer(s) will be on top of this.
To help you safely and easily update to the most recent version of WordPress.
Before you update we need to do a little housekeeping:
- Save your WordPress XML file to your hard drive. You do this by clicking on the Tools icon in the left sidebar and then Export. On the next screen click on Download Export File. You might want to create a new Folder on your hard drive where you keep all your Website files. Name it WP Backup so you know to save all backup files for WP there (and you'll know where to find them if you need them). It is a good idea to back up this file once a month anyway regardless if an update is needed.
- Backup your WordPress database. If you are on a Managed WordPress Hosting platform, go to your hosting Dashboard and create a backup-point there. On most WordPress Managed hosts you can create a "backup-point" in your hosting dashboard which backs up your site at that moment in time. If you are on shared hosting, there is a nifty plugin that makes this process a no-brainer, UpdraftPlus WordPress Backup Plugin. This plugin is also a must have for repairing and optimizing your database (which you should be doing minimally monthly to keep things running smoothly).
- FTP into your Web hosting server and download a copy of your database backup so you have a copy off your server. That backup won't do you any good if the server crashes or has issues. Even better, store the backup file in the cloud or on an external drive in case you have computer problems.
- Cover all the bases and download your theme/framework/child theme folders to your local hard drive. This is just good practice if you have customized any theme files.
- Then, to be safe, deactivate all plugins before upgrading.
Not comfortable backing up everything and updating yourself? Subscribe to my WordPress White Glove Support Service and I'll handle everything for you with the bonus of extra coaching and business intelligence you can use to grow your site!
It is a good idea to review my article:
WordPress How To: Do the Mother of All Backups
Don't forget to reactivate and update your plugins. You'll see with each WordPress update that plugin developers also update their plugins which you can also do with one click. You'll see the nag bar under the plugin name in the plugins area with a link to "update now."
If you find after an update that something is not working as it was, go through the systematic process of deactivating your plugins one at a time until you find the culprit. If the developer has not updated his/her plugin to work with the lasted update, find another plugin whose developer is on top of these things! [READ: How to Easily Fix a WordPress White Screen (and Troubleshoot for Conflicts)]
Updating should not be ignored or put off. When you keep up with WordPress, have a Premium Theme and Plugin updates, you are not only keeping up with technology, but you make sure your site is secure and functioning error free.
At your service,