While WordPress 3.9 is just around the corner and releasing next week (fingers crossed), a WordPress security update came out today. WordPress 3.8.2 is a patch and security release for 3.8 and is a mandatory/auto update because of the HeartBleed vulnerability.
HeartBleed is a major Internet security flaw discovered on Monday. It is a flaw in the online security protocol OpenSSL (Secure Sockets Layer). Experts are calling it a devastating security flaw. Surprisingly, it has been around for 2 years and currently affects over 60% of the Internet.
The official HeartBleed site states:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Recommendation:
If you are a NetON customer, most likely you were already updated. However, it is worth logging into your site to make sure that you are on 3.8.2.
If you are not a customer, make sure you update to WordPress 3.8.2 as soon as you can. The new update is an automatic update, so most likely WordPress has automatically updated you, but there is a chance that it did not happen, for a number of reasons. If you are using HTTPS, it's essential that you update the site ASAP.
Security updates and bug fixes in this release:
- WordPress 3.8.2 fixes a weakness that could let an attacker force their way into your site by forging authentication cookies.
- It also contains a fix to prevent a user with the Contributor role from improperly publishing posts.
- This release also fixes nine bugs and contains three other security hardening changes.