A detailed insight into WordPress 3.9.2 Security Release

Ever since its release in 2003, WordPress has introduced new versions that have proved beneficial for a wide group of web designers and developers. Bugs encountered in one version of WordPress are fixed in a succeeding version. In line with this, WordPress has recently rolled out version 3.9.2 as a security release for all previous WordPress versions. The WordPress community strongly recommends that all WP users update their sites to this version immediately. To learn more about this security release, keep reading; this post covers some crucial details about it.

WordPress 3.9.2 - What’s the sole reason behind releasing it?

The basic purpose of WordPress 3.9.2 is to fix a possible denial of service issue that occurs during PHP and XML processing. The issue was originally reported by Nir Goldshlager of the Salesforce.com Product Security Team, and it was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. Since the same issue was found in Drupal as well, the WordPress and Drupal teams chose to cooperate and solve the problem together.

WordPress 3.9.2 - Additional security changes

In addition to fixing the denial of service issue during PHP/XML processing, WordPress 3.9.2 includes a variety of other security changes, including the ones mentioned below:

  • It prevents information disclosure via XML entity attacks in the external GetID3 library. This issue was discovered by Ivan Novikov of ONSec.

  • It fixes possible yet unlikely code execution issues during the widget processing phase. This issue was discovered by Alex Concha of the WordPress security team.

  • It adds protection against brute-force attacks on CSRF tokens. This issue was noticed and reported by David Tomaschik of the Google Security Team.

  • It includes some additional security hardening measures, such as preventing cross-site scripting, which can be easily triggered by website administrators.

WordPress 3.9.2 - Is it applicable for all WordPress versions?

Since the security vulnerability exists in all WordPress versions from 3.5 to 3.9.1, it’s essential to manually update all WordPress-powered websites in order to stay protected. It’s worth noting that automatic updates for security releases were only introduced in WordPress 3.7. This left users of versions 3.6 and 3.5 vulnerable to possible security breaches. Also, as per statistics on WordPress.org, around 26.8% of all WordPress websites are still not auto-updated, and among them about 18.8% are still running WordPress 3.5.
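
To triage a set of installs against the version ranges above, the following added example (not code from WordPress or from the original post) reads `$wp_version` from the text of each site's wp-includes/version.php and sorts it into manual-update, auto-update or patched. The host names, sample file contents and status strings are constructed for illustration.

```python
import re

# Ranges as stated in this article; the labels below are this example's own.
AFFECTED_MIN = (3, 5)      # first affected release
AFFECTED_MAX = (3, 9, 1)   # last affected release
AUTO_UPDATE_MIN = (3, 7)   # automatic security updates introduced here

VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_wp_version(version_php):
    """Return $wp_version as a tuple of ints, or None if it is not found."""
    m = VERSION_RE.search(version_php)
    if not m:
        return None
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))  # suffixes like -beta1 are ignored
    return tuple(int(p) for p in nums.group(0).split(".")) if nums else None


def _pad(v, n=3):
    """Pad (3, 5) to (3, 5, 0) so that 3.5 and 3.5.0 compare as equal."""
    return tuple(v) + (0,) * (n - len(v))


def classify(version):
    if version is None:
        return "unknown: inspect manually"
    v = _pad(version)
    if v < _pad(AFFECTED_MIN):
        return "outside the range the article covers"
    if v > _pad(AFFECTED_MAX):
        return "patched"
    if v < _pad(AUTO_UPDATE_MIN):
        return "affected: manual update required"
    return "affected: confirm the automatic update was applied"


SAMPLE_SITES = {  # constructed sample data, not real sites
    "blog.example": "<?php\n$wp_version = '3.5.2';\n",
    "shop.example": "<?php\n$wp_version = '3.8.3';\n",
    "news.example": "<?php\n$wp_version = '3.9.2';\n",
    "old.example": "<?php\n// no version variable present\n",
}


def triage(sites):
    return {host: classify(parse_wp_version(text)) for host, text in sites.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_SITES).items():
        print(f"{host}: {status}")
```
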

Conclusion

Updating your existing WordPress website to 3.9.2 will improve your site’s security. While sites with automatic updates configured can get updated within 12 hours, the ones on older versions need to be updated manually, which might take a bit more time, but that time is worth investing to keep your site safe.