WordPress & Joomla – Release Summary – October 2016
- No new releases this month
- Current release: 4.6.1 SECURITY RELEASE – released September 7, 2016
- Next scheduled release: 4.7, December 6, 2016
Well, that’s correct, you should update your website software… figuratively speaking, of course. When I say “You should update your software”, well, I don’t necessarily mean YOU, yourself, should do it. I mean you should ensure that it gets done… that someone does it.
So why do I bring this up? Well, when you log in to your site’s admin screen or dashboard, you may have seen messages telling you that updates are available and asking you to proceed to update your site. And technically, if you can see the prompts, you can perform the updates with just a few clicks. However, those messages are really meant for website administrators, and they are often seen by other users as well. So if you aren’t the website administrator, it’s best to notify him/her about these messages.
Many website owners are set up with a login username on their site by someone else, maybe a web designer or an administrator did it for them. Many times, the owner is set up with a role that has more authority than he/she really needs… including the highest level, a super admin. This can be a very dangerous thing!
Do you know what your role is on the website? Do you just need to add new articles or posts once in a while? Or maybe you need to approve other users’ articles before publishing? Are you the website administrator who takes care of all the technical stuff? Do you really need to log in to the admin area / dashboard at all?
The point is, it’s important to know your role on your website, and your authority / access should reflect that role. For example, if you only need to post articles, you should not have authority to update software. The website administrator’s role is typically to install, update, remove and test software. They also will create website backups to ensure a way to recover from problems. If this doesn’t sound like what you normally do, then you probably shouldn’t be updating website software.
Some examples:
Your content management (CMS) website, be it WordPress or Joomla, needs periodic maintenance to ensure adequate security.
When you choose to use a content management website, you must make a commitment to periodically maintain it. If software updates are not applied, it’s not a question of IF a website will be hacked, it’s a question of WHEN. If your site gets hacked or infected with malware, Google will flag your site as “unsafe” and warn people not to visit it.
On a content management site, there are many software components such as the core platform, various plugins, a theme, etc. At any given time, this mix of software often contains security vulnerabilities. This is an unfortunate and inevitable byproduct of open source content management systems.
“…the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components… the integration of plugins, extensions, components, modules, templates, themes…”
from Sucuri’s blog post Website Hacked Trend Report 2016 – Q1
That said, these vulnerabilities usually get fixed relatively quickly, thus minimizing the threat to your website. But here’s the problem: website owners must take action to get these fixes applied to their websites. And they very likely don’t know they have software that needs updating. They don’t know their sites are at risk of being hacked. If vulnerable software is not updated, hackers will eventually find a way to gain access to the site. The best defense is to simply keep your site software updated.
As a rule of thumb, have your website software checked and updated at least monthly. It’s critically important to your website’s security to have software updates applied on a regular basis.
Whether you are running WordPress or Joomla software to power your website, it’s extremely important to be on the most current version to avoid hacker attacks and other malware issues.
So how do I know what version I’m running?
Good question, glad you asked! Well, there are a few methods you can try to get this information depending on which software you are running. It’s possible these methods will not work under your specific configuration, but it won’t hurt to give them a try.
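One such method for WordPress, shown as an added example that is not part of the original post: on the server, WordPress core records its version in `wp-includes/version.php`, and the script below reads it for each site folder and compares it with the current release listed at the top of this page (4.6.1). The function names and the sample folders are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Current WordPress release named in the summary at the top of this page.
CURRENT_RELEASE = "4.6.1"

# WordPress core stores its version as a line like: $wp_version = '4.6.1';
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]\s*;", re.M)


def parse_version(text):
    """Turn '4.6' or '4.7-beta1' into a comparable 3-part tuple, e.g. (4, 6, 0).
    A pre-release suffix is ignored, so '4.7-beta1' compares as 4.7.0."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def installed_version(site_root):
    """Return the WordPress version found under site_root, or None."""
    version_file = Path(site_root) / "wp-includes" / "version.php"
    try:
        match = VERSION_RE.search(version_file.read_text(errors="replace"))
    except OSError:  # missing folder, not a WordPress site, or no permission
        return None
    return match.group(1) if match else None


def audit(site_roots, minimum=CURRENT_RELEASE):
    """Map each site folder to 'current (x)', 'outdated (x)' or 'unknown'."""
    report = {}
    for root in site_roots:
        found = installed_version(root)
        if found is None:
            report[str(root)] = "unknown"
        elif parse_version(found) < parse_version(minimum):
            report[str(root)] = f"outdated ({found})"
        else:
            report[str(root)] = f"current ({found})"
    return report


def make_sample_site(base, name, version):
    """Constructed sample: a folder holding only a minimal version.php."""
    includes = Path(base) / name / "wp-includes"
    includes.mkdir(parents=True)
    (includes / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
    return includes.parent


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sites = [make_sample_site(tmp, "shop", "4.5.3"),
                 make_sample_site(tmp, "blog", "4.6.1")]
        for path, status in audit(sites).items():
            print(f"{path}: {status}")
```

A result of "unknown" means the version file could not be read, so that site still needs a manual check by its administrator.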
Security Release
This release addresses six important security issues, so you should ensure your site gets updated ASAP. Here’s the official blog post from WordPress.org with details of what is contained in the release.
If you have automatic background updates enabled (the default setting for minor and security releases), you should receive an email from your site when it has been updated. The email is sent to whoever is designated to receive admin emails in your General Settings. I received several of these notifications yesterday covering the sites I manage.
So to ensure your site’s security, please check that your site is updated. Also, keep your eye out for the next major release, WordPress 4.3, slated for release on August 18.
I’ve already written about the importance of updating your website software, because hackers take advantage of sites running older, out-of-date software that often contains well-known bugs and vulnerabilities.
If you’re a website owner running WordPress, Joomla or another popular CMS, this is a serious issue that shouldn’t be ignored. We’re not just talking about Joe Schmo, amateur hacker here. We’re talking about large-scale, sophisticated attacks using sophisticated software on sophisticated networks. Did I mention they’re a sophisticated lot? And don’t be fooled into thinking hackers wouldn’t be interested in your small or obscure site. Hackers will attack any website regardless of size or purpose.