For my clients maintaining their own site, it’s time to update WordPress.
February 2, 2016 – From WordPress.org:
WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
Thank you to both reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes. Read more.
Updating your version of WordPress
- First and foremost, create a complete site backup before updating WordPress. There are backup plugins available to assist you with this process (I use Updraft Plus).
- Goto your Dashboard, click on Updates
- Click Update Now.