WordPress Security Update
We received information that WordPress required some very hasty security updates this morning.
We have updated all our client WordPress websites to maintain and secure their sites immediately and none of our managed sites have been affected owing to a quick response by the new update and SWB.
WordPress is now version 5.1.1. This security and maintenance update brings in 10 fixes and enhancements.
This release also included two security fixes that handle how comments are filtered and stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
The version was released after a member of the RIPS Technology security team discovered a security flaw. Luckily this was discovered quickly and the information passed on so that we could ensure none of our WordPress sites could be attacked by updating all our client sites to the new version.
Other highlights of this release include:
- We can now offer a button for our users to update PHP.
- The recommended PHP version used by the “Update PHP” notice can now be filtered.
- Several minor bug fixes.
You can view the full list of changes here at Trac
WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow which you can be assured we are ready and waiting to update on the day of release.
For more information on how we can help you set up, maintain and secure your websites, contact us firstname.lastname@example.org
Information sourced from WordPress.org