WordPress 4.6.1 is secure compared with earlier versions.

WordPress has proved to be the most popular Content Management System (CMS) in the world. As of March 2016, nearly 26% of the web is powered by WordPress. Because it is one of the most widely used CMSs, it is a broad target, and site data is exposed to security risks. The WordPress community is one of the most active communities, offering continuous support. When it comes to security, secure your WordPress website with the available plugins developed by the community.

In a recent announcement, WordPress released the 4.6.1 update, which focuses on improving data security, and urged everyone to update their sites immediately to avoid a security breach. The main reason for this update is that versions 4.6 and earlier were affected by two security issues:

  • Path traversal vulnerability
  • Cross-site scripting vulnerability

Version Release Details:

The path traversal vulnerability, reported by Dominik Schilling, was in the update package uploader. He is a member of the WordPress security team and led WordPress 4.6 development. This flaw lets attackers gain unauthorized access to restricted directories and files by means of an HTTP exploit. The second is a cross-site scripting vulnerability in image filenames, reported by Cengiz Han Sahin, a SumOfPwn researcher. Using this flaw, attackers can inject malicious JavaScript code into the software through a crafted image file. Many bug hunters and security researchers of various levels of expertise gathered for a big bug hunting session to make WordPress more secure by identifying security issues and patching them.

WordPress has patched these vulnerabilities in this release, which makes it more secure than 4.6 and earlier versions. The release carries not only the security patches but also 15 other bug fixes for WordPress 4.6. The bug fixes cover the strange behavior of backspace, email server setup, an RTL problem, plugin install infinite loop errors, and more. The complete details of the fixes are available from the Core.

Is this update necessary?

Updates are mandatory because they carry bug fixes. WordPress is considered to be the world’s most popular CMS, and it is open source, which means the code is freely available. Attackers can plan a security attack for various reasons using loopholes in the base code. The WordPress team stays on top of this by continually monitoring and altering the code to keep it secure. WordPress 4.6.1 is one such update, as it carries two security patches along with 15 other bug fixes. Sites updated to 4.6.1 are protected against these vulnerabilities.

Who are the contributors?

WordPress has also listed the contributors to this version: Hulse, Robert D Payne, Drew Jaynes, Marius L. J. (Clorith), Felix Arntz, Fredrik Forsmo, Gary Pendergast, Ian Dunn, Ionut Stanciu, Jeremy Felt, Joe McGill, Pascal Birchler, Sergey Biryukov, geminorum, and Triet Minh.

How To Update?

Log in to your dashboard and click “Update Now” from the Updates menu, or download WordPress 4.6.1. Sites that support automatic background updates have already begun to update to the newer WordPress version.
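
To confirm which installs on a server still run 4.6 or earlier, the following added example (not code from WordPress or from this article) reads each install's declared version and compares it with 4.6.1. It assumes the version is declared in wp-includes/version.php as `$wp_version = '...';`; the function names and the sample tree are made up for illustration.

```shell
# Added example: report installs still older than 4.6.1 (the fixed release).
# Assumption: the version is declared in wp-includes/version.php on a line
# of the form   $wp_version = '4.6.1';
FIXED_VERSION="4.6.1"

# Print the version declared by the install rooted at $1; fail if not found.
wp_installed_version() {
    [ -r "$1/wp-includes/version.php" ] || return 1
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; found = 1; exit }
                   END { exit !found }' "$1/wp-includes/version.php"
}

# Succeed if version $1 is older than version $2 (first three numeric parts;
# a suffix such as "-beta1" is ignored).
version_lt() {
    _a=${1%%-*}; _b=${2%%-*}
    for _n in 1 2 3; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case $_x in ''|*[!0-9]*) _x=0 ;; esac
        case $_y in ''|*[!0-9]*) _y=0 ;; esac
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
        case $_a in *.*) _a=${_a#*.} ;; *) _a=0 ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b=0 ;; esac
    done
    return 1
}

# Print "<root> <version> <OUTDATED|OK|UNKNOWN>" for each install root given.
wp_audit() {
    for _root in "$@"; do
        if _ver=$(wp_installed_version "$_root") && [ -n "$_ver" ]; then
            if version_lt "$_ver" "$FIXED_VERSION"; then _st=OUTDATED; else _st=OK; fi
        else
            _ver=-; _st=UNKNOWN
        fi
        printf '%s %s %s\n' "$_root" "$_ver" "$_st"
    done
}

# Constructed sample: two fake install roots under a temporary directory.
demo() {
    _tmp=$(mktemp -d) && mkdir -p "$_tmp/old/wp-includes" "$_tmp/new/wp-includes"
    printf "<?php\n\$wp_version = '4.6';\n" > "$_tmp/old/wp-includes/version.php"
    printf "<?php\n\$wp_version = '4.6.1';\n" > "$_tmp/new/wp-includes/version.php"
    wp_audit "$_tmp/old" "$_tmp/new" "$_tmp/missing"
    rm -rf "$_tmp"
}
```

Call `wp_audit` with one or more install roots; an UNKNOWN result means the version file was missing or unreadable and the install needs a manual check.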