WordPress 3.8.2 Security Release

WordPress 3.8.2, a major security update, was released last April 8, 2014 to address multiple discovered vulnerabilities, one of which lets attackers force their way into a WordPress site by forging authentication cookies. Other notable security fixes included in the 3.8.2 release are as follows:

  • Prevent a user with the Contributor role from improperly publishing posts
  • Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests
  • Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files

To update your WordPress site, simply go to your Dashboard > Updates > Update Now. You can also go to this link to download the latest and most secure version of WordPress to date: http://wordpress.org/download/

Sites that support automatic background updates have already been updated to WordPress 3.8.2. However, if you are still using WordPress 3.7.1, you have been updated to 3.7.2, which contains the same security fixes as 3.8.2. Note that WordPress no longer supports versions older than 3.7.1 so it is best to update to the latest version instead.

Before doing any update, remember to backup your site as well as its databases, files, and folders.

The latest WordPress version available as of July 16, 2014 is WordPress 3.9.1.

Comments are closed.