As you may or may not have heard yet, last week, the WordPress project issued an update (4.9.3 Maintenance Release) that had a vulnerability flaw in it. The good news is, it was caught almost immediately and within a few hours a patch (4.9.4) was released.
As WordPress states in their blog, the 4.9.3 release of WordPress “will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4.”
Why is the 4.9.4 release so important? Updating to 4.9.4 is important because it allows your site to get automatic security updates without any intervention from you. If you do not take action and update your site to 4.9.4, when new security patches are released, your site will remain vulnerable.
The good news is that your actions aren’t many, and you have several ways you can update your WordPress site so that it continues to receive updates.
Three ways to update to WordPress 4.9.4:
- Log into your WordPress Administration area and under Dashboard > Updates, click “Update now.”
- If you have command line access, you can use WP-CLI and run wp core update and it will take care of everything for you.
- You can manually use sFTP to download the latest version from WordPress.org and use sFTP to upload it to your site. (Be sure not to overwrite your wpconfig file or your /wp-content folder.)
Please also note, for those customers on our Nexcess Managed WordPress or Managed WooCommerce Hosting platforms, we have already updated your WordPress install; you do not need to take any action.
