WordPress 4.6.1 has been released, and users are strongly encouraged to update immediately because it fixes two security vulnerabilities. The first is a cross-site scripting vulnerability related to image filenames that was reported by Cengiz Han Sahin, a SumOfPwn researcher. The second is a path traversal vulnerability during the download of the upgrade package, reported by Dominik Schilling, who led the development of WordPress version 4.6 and is a member of the WordPress security team.

In addition to the security patches, this release fixes 15 bugs. Now that version 4.6.1 is available, most sites should update automatically. However, if you want to update manually, go to your WordPress dashboard, select "Updates" and click on the "Update Now" button. Users who experience issues with the update or with WordPress 4.6.1 are welcome to report them in the WordPress support forums.

Simplify your life with automatic updates

Some of you are wary of WordPress updates and prefer to disable automatic updates. In fact, updates cause few compatibility problems, and if you had to choose between enhanced security and consistent compatibility, which would you choose?

We have already asked you several times to leave updates enabled. There are several ways to do this:

  • A simple solution that requires you to change the source code of WordPress. You can read our tutorial above.
  • Use an update manager. This suits anyone who wants to centralize updates on WordPress.

Do not forget themes and plugins

It's not just the WordPress system that needs updating. Your themes and plugins also need to be updated regularly, especially since most vulnerabilities come from them.

You can use the update manager solution mentioned above, which lets you automate plugin updates.

If you want more reasons to update, we explain in a tutorial why you should always use an updated version of WordPress.