WordPress released version 4.4.2 last month, in February. I would like to discuss what the update is about and how to update your WordPress easily.
There are two main security updates implemented in the latest version of WordPress. Both changes relate to SSRF (server-side request forgery) attacks. SSRF is a type of attack in which a request appears to be sent from the server to the client, bypassing access controls.
What is an SSRF attack?
SSRF is a very dangerous attack in which an attacker gets control of the server and sends the malicious request to the client. As there are various connections from the server that do not require authentication, these attacks can cause loss of data or damage the reputation of your website.
As you can see from the picture above, a local Memcached server is able to connect to a client without authentication and will run any command, so the attacker can run any command and have it executed on the client.
Let's look at and understand the two security issues that were fixed in this upgrade:
- HTTP: 0.1.2.3 is not a valid IP (reported by Ronni Skansing) - This change prevents SSRF attacks in which a local IP starting with a zero is used to make a local connection; the fix rejects any IP that starts with a zero.
- Better validation of the URL used in HTTP redirects (reported by Shailesh Suthar) - This fix makes sure the redirect URL is in the correct format: it checks the URL format and validates it.
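To make the two fixes concrete, here is an added example (my own illustration, not WordPress's code) of the kind of outbound-URL check an application can apply before fetching a URL or following a redirect: it rejects dotted-quad hosts whose first octet is zero, octets with ambiguous leading zeros, internal and loopback ranges, non-HTTP schemes and unusual ports. The allowed-port set and the `.localhost` rule are assumptions chosen for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical policy for this example: only plain web ports may be fetched.
ALLOWED_PORTS = {80, 443, 8080}
DOTTED_QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def ip_is_off_limits(addr) -> bool:
    """True for any address a server-side fetch must never reach."""
    return (addr.is_unspecified or addr.is_loopback or addr.is_private
            or addr.is_link_local or addr.is_multicast or addr.is_reserved)


def host_is_off_limits(host: str) -> bool:
    """Reject 0.x.x.x, ambiguous octet spellings and internal ranges."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    m = DOTTED_QUAD.match(host)
    if m:
        octets = m.groups()
        # "010" style octets are read as octal by some HTTP clients;
        # refuse them instead of guessing how the client will parse them.
        if any(len(o) > 1 and o[0] == "0" for o in octets):
            return True
        if any(int(o) > 255 for o in octets):
            return True
        if int(octets[0]) == 0:  # 0.1.2.3 and friends are not valid hosts
            return True
        return ip_is_off_limits(ipaddress.IPv4Address(host))
    try:  # bare IPv6 literal such as ::1
        return ip_is_off_limits(ipaddress.ip_address(host))
    except ValueError:
        return False  # a DNS name; resolver-level checks are out of scope here


def validate_outbound_url(url: str) -> bool:
    """Return True only if a server-side fetch of url is acceptable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if port is not None and port not in ALLOWED_PORTS:
        return False
    return not host_is_off_limits(parts.hostname)


def validate_redirect(location: str) -> bool:
    """A redirect Location gets exactly the same checks as the first URL."""
    return validate_outbound_url(location)
```

Each redirect hop must be re-validated, otherwise a harmless first URL can bounce the server to an internal address.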
There are some other small fixes related to MySQL, comments and widgets. For more technical detail about the fixes, please follow this link.
This post will guide you step by step through backing up your WordPress:
Make sure you update your WordPress as soon as you receive the notification. As you can see, almost every WordPress update involves a security fix, so failing to update may put your blog in danger.
This video tutorial will help you to back up and update your WordPress.
“Remember: you must back up your data, plugins and database before performing a WordPress update.”
Conclusion - This tutorial will help you to learn about the latest WordPress 4.4.2 upgrade and how to update your WordPress blog. If you face any issue before or after the upgrade, please use the comment section. I would love to help you.