WordPress 4.9.5: A Security and Maintenance Release

By Catherrine Garcia on May 23, 2018. Filed under: , , .

Recently, WordPress has introduced its new version “WordPress 4.9.6” which is a privacy and maintenance release. Shortly before, WordPress launched a version which is security and maintenance release, “WordPress 4.9.5”.

These vulnerabilities are a part of the whole mission of WordPress development and are considered low severity to enhance the security of the core application further.

Some of these vulnerabilities addressed are given below:

  • Use secure redirects when SSL is enforced – This changes the way the WordPress administration session login page behaves, using the safe_redirects configuration, which further guarantees the administrative login pages in WordPress development.
  • Escaping from the version string for use in generator tags – This prevents attackers from inserting malicious code into the version strings to gain unauthorized access to WordPress sites in the WordPress development.
  • By default, no longer treating localhost as the same host – This configuration allowed attackers to disguise themselves or impersonate the local machine that hosted the WordPress sites. This could allow attackers to move around the back of the host, which could allow access to sensitive data in WordPress development.

These vulnerabilities were discovered by security researchers and bug hunters. While addressing these vulnerabilities in WordPress development, it further complexes the WordPress core to cyber attacks.

Below, some of its major bug fixes are given that include:

  • Touchscreen support for cropping images
  • Previous styles on caption shortcodes
  • Improved compatibility with PHP 7.2

However, if you want to take advantage of all its features and bug fixes, then you must have a full version upgrade of WordPress. You can also download its new version from here.

The complete changelog of WordPress 4.9.5 is discussed below.

Security

  • Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases
  • Switch to wp_safe_redirect() when redirecting the login page when SSL is forced
  • Disallow localhost in wp_http_validate_url()
  • Escape HTML returned from get_the_generator()

Rest API

  • REST API JavaScript Client: Support an empty string for the nonce to disable sending the X-WP-Nonce header
  • Backbone client sending empty string in X-WP-Nonce header by default in some cases
  • Extend custom nonce functionality to collections

XML-RPC

Add default values to IXR_Message for PHP 7.2 compatibility to avoid PHP Warnings.

Users

Users list doesn’t display names if the last name is empty.

Media

  • Grid view – correct placeholder positioning during uploads
  • Fix image cropping on touchscreen devices
  • Revert max-width styles on caption shortcodes
  • On Media Settings screen, make the pairs of labels and inputs always stacked vertically, on both mobile and desktop screens
  • Correctly allow changing PDF thumbnail crop value
  • Avoid a PHP warning in wp_calculate_image_srcset() if a plugin returns a non-array value via wp_calculate_image_srcset() filter

Formatting

Avoid a PHP 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value.

Filesystem API

Avoid an infinite loop in wp_mkdir_p() when trying to determine the parent folder with open_basedir restriction in effect.

Customize

  • Correct closing tags in customize_themes_print_templates()
  • In menus: reset results when closing the ‘add items’ panel.
  • In menus: correct oversized viewport after dragging menu items

Build/Test Tools

Update prefixed CSS properties in about.css

Bundled Theme

  • Twenty Seventeen: underline links in comments
  • Bundled Themes: Bump version number and update changelog in Twenty Seventeen for 4.9.5 release

Twenty Seventeen WordPress Theme

Networks and Sites

Why should you use the latest version of WordPress for your WordPress development?

We often see regular updates on WordPress, but at the same time, we get into the dilemma whether to upgrade or note. Below, we can see the various reasons why should you upgrade to its new version whenever WordPress releases it.

1) Enhanced features set

Whether you are running a blog or business website, when you update to its latest version, you will get access to a new range of improved features which can make your site a lot more versatile and robust. You become able to perform those tasks which were not possible to do with its previous versions. In fact, WordPress development is continually attracting its users from across the world. It is because it comes with new set of features with each of its new release.

2) Great Performance

Nowadays, every business wants its business site with high-speed performance and which is easy to use. Any new update makes it possible for you as it ensures a superior user experience and smooth performance each time when user visit to your site. In fact, the quality performance is one of the essential factors in the success of a website, and this can be ensured after being upgraded to the latest version.

3) Bug Fixings

One of the primary reasons for the improved versions of WordPress is to correct the errors or bug fixings. Sometimes it happens that the errors seem to slip through the cracks, so it seems that small versions of WordPress are produced so that errors can be eliminated. If you face some problems, know that it’s time to make the switch to the newest and most recent version of WordPress to get complete WordPress development.

4) Secure

Since WordPress is an open-source CMS and 23% websites across the world is powered by WordPress. It becomes most targeted by hackers who can use the information to break the sites and even can easily study the codes. To avoid this issue, WordPress security experts are there who can study codes and get reported anytime if there is any mishappening occurred on the site. So, if you are an old version and not upgraded to the latest version, then you site become more prone to security vulnerabilities. Therefore, always stay up to date with every update of WordPress.

5) Compatible

You need to know how to update your WordPress website correctly to make sure that the software is compatible with the add-ons. If you install a new add-on while using an earlier version of WordPress, it may not be compatible with the new add-on, and you may need to update the version you are currently using to ensure compatibility with the new add-ons you have installed. In addition to this, you will not be able to take advantage of the latest features associated with the updated version.

Conclusion

So far we have seen, WordPress 4.9.5 update provides you various bugs fixings and comes with new security updates. Therefore, you might not be confused now for not upgrading to its latest version when you already know it’s amazing features to get an amazing business website. In fact, you can easily install WordPress 4.9.5 by performing simple steps:- visit Dashboard → Updates and click “Update Now.” However, the sites that support automatic background updates are already beginning to update automatically.

If you still found any difficulty with its installing or upgrading process, then you are free to get expert advice from our WordPress development team. We are a leading WordPress development company, providing expert WordPress development services for your projects and all your web development needs. Contact Us Today!

Catherrine Garcia is an experienced web developer, currently working as a freelance web. She enjoys her writing and always on the lookout for high-quality blogs.