Auto-update convenience: WordPress upgrades itself to fix critical vulnerability

After yesterday’s upgrading of key WordPress plugins to fix a cross site scripting vulnerability, the WordPress team released version 4.1.2, which it described as a critical security release.

“WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site,” the WordPress team said in a blog post announcing the release. The release also fixed 3 other security issues including an SQL injection vulnerability in some plugins.

I got the notification of the new release at past midnight. Years back, that would have meant that I’d need to stay up very late, download the latest release, upload the files to the server and perform the upgrade for each of the site I’m running.

Now it’s automatic.

WordPress updates
AUTOMATIC UPDATES. The email notification I got last night that the WordPress running one of my sites has automatically updated to the latest security release — without any trigger or interventions from me.

Background update

Apart from being easy to set up and use, the background update system of WordPress is one of its best features. Manual updating of content management systems is tedious and if you run multiple websites, it can be frustrating.

With background and auto updating, WordPress makes sure that its users (at least those whose sites have been set up for it) always have the latest release and the corresponding security fixes that come with it.

Previously, I would have gotten the release notification from an alert triggered via RSS. Last night, I knew about version 4.1.2 after getting notified that one of my sites was already upgraded to the new release.

Other CMSes like Drupal, for example, not only do not have auto-updating but upgrading them can be so complicated and wearisome. Drupal upgrades, for example, can break features and introduce incompatibilities between major version updates. Remember CCK?

Support this blog and independent reporting on Cebu

Leave a Reply

Your email address will not be published. Required fields are marked *