WordPress 5.2 has just dropped with more security than you can shake a stick at

WordPress 5.2 has just dropped :). This is a major security release for WordPress and needs to be rolled out to all sites immediately. The new release is named “Jaco” in honour of renowned and revolutionary jazz bassist Jaco Pastorius. If you want to listen to Jaco, there is a video at the end of this post to listen to while we work on updating your site 🙂

Our team will be working on making sure your site is up to date with the new security release and making your WordPress website secure. You and your team will be notified when the upgrade is complete.

This Security Release focuses on making WordPress more secure against malware and attacks while helping you run it error-free.

We are really excited about all the new security features in this Security Release that web designers have been waiting years for.

In this post, we will look at what’s new in WordPress 5.2, and which features you should notice or play around with after updating to this version.

To view all the updates, bug fixes and new features included in this new version, please head on over here.

Let's find out what new features are available in WordPress 5.2.

What's new in WordPress 5.2?

This latest update of the most popular website CMS in the world comes with the following features:

Site Health Check

The Site Health Check feature has been updated from the previous version and now has two new pages to help debug most configuration issues in WordPress. These new pages give you the site status and recommendations, as well as overall info on your site, which includes directories, drop-ins, active themes, themes, plugins, media handling, server, database, WordPress constants and filesystem permissions.

PHP Error Protection

This update builds on the previous error protection and allows an administrator or developer to safely fix 500 errors or “white screens of death”. This update also brings recovery mode, which allows you to log in without plugins/themes.

Minimum PHP version

With WordPress 5.2, the minimum PHP requirement is now 5.6.20. Using a later version of PHP makes your site safer and faster, so please make sure that your PHP is upgraded before you run this update.

Other updates

There are a host of other updates, mostly focused on developers and making it easier for them to develop your site, such as a new theme page template, a conditional function, two CSS classes, a new body hook (wp_body_open) and the addition of webpack and Babel configurations under scripts.

About WordPress

WordPress is the most popular website CMS in the world. The latest version of WordPress has been downloaded more than 50 million times. Did you know that 60% of all CMS-run websites run on WordPress?

NetON WordPress Security Release Update Policy

WordPress security is one of the most important considerations for us. We want to make sure that your WordPress website is safe, malware free and attack-resistant. The NetON team will immediately update your WordPress website installation on our hosting as we do with any Security Release.

The new Security Release 5.2 of WordPress makes your site safer and faster. If your WordPress site is not hosted with us, you should upgrade your PHP asap and update your WordPress to the latest version.

NetON WordPress development services

NetON is proud to provide a 360-degree solution for WordPress development in both Melbourne and Sydney, Australia.

We offer WordPress Website Development, WordPress Website Design, WordPress Website Hosting, WordPress security, Maintenance, WordPress SEO Optimisation and Upgrades.

Whether you are starting a small blog or are an enterprise Fortune 500 company, we can help build and maintain your WordPress website for the best results online.

Our WordPress websites are customised based on your business and your requirements. We have built large-scale eCommerce websites, traffic-generating/ad revenue websites, community-building websites, Business 2 Business websites and Business 2 Customers websites. All of them are completely different in their lead generation and revenue models.

Please reach out to one of NetON’s Account Managers for more of our services.

Our contact details are on the Contact Us Page.

WordPress 5.2 Demo website

Want to try out all the new features? :)

NetON maintains an up-to-date demo site of the latest version of WordPress that you can browse through.

Click here to view the WordPress Demo site.

Please ask us for a username/password to test the site. This will let you test run all the new features without putting your live website at risk.

And here is a tune from Jaco Pastorius to listen to while we are updating your site:

WordPress Jetpack Critical Vulnerability, Update now

Internet security has taken a hammering this week with HeartBleed, and now a critical vulnerability has been discovered in Jetpack, which is probably the most used plugin for WordPress.

If you are using Jetpack on your WordPress site, please make sure you update it straight away to version 2.9.3.

Here is the information from the Jetpack blog:

During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.

Fortunately, we have no evidence of this being used in the wild. However, now that this update is public, it’s just a matter of time before exploits occur. To avoid a breach, you should update your site as soon as possible.

This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.

WordPress 3.8.2 Security Release now updating all sites

While WordPress 3.9 is just around the corner and releasing next week (fingers crossed), a WordPress security update came out today. WordPress 3.8.2 is a patch and security release for 3.8 and is a mandatory/auto update because of the HeartBleed vulnerability.

HeartBleed is a major Internet security flaw discovered on Monday. It is a flaw in the online security protocol OpenSSL (Secure Sockets Layer). Experts are calling it a devastating security flaw. Surprisingly, it has been around for 2 years and currently affects over 60% of the internet.

The official HeartBleed site states:

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.


If you are a NetON customer, most likely you have already been updated. However, it is worth logging into your site to make sure that you are on 3.8.2.

If you are not a customer, make sure you update to WordPress 3.8.2 as soon as you can. The new update is an automatic update, so most likely WordPress has automatically updated you, but there is a chance that this won’t happen, for a number of reasons. If you are using HTTPS, it’s essential that you update the site ASAP.

Security Updates and bug fixes on this release:

  • The WordPress 3.8.2 release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies.
  • It also contains a fix to prevent a user with the Contributor role from improperly publishing posts.
  • This release also fixes nine bugs and contains three other security hardening changes.

WordPress Security–3.5.2 Security Update

Great to see a security update for WordPress 3.5.2.

WordPress 3.5.2 Maintenance and Security Release. This release adds a number of security fixes including:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk.

Additionally: Version 3.5.2 fixes seven security issues:

  • Server-Side Request Forgery (SSRF) via the HTTP API.
  • Privilege Escalation: Contributors can publish posts, and users can reassign authorship.
  • Cross-Site Scripting (XSS) in SWFUpload.
  • Denial of Service (DoS) via Post Password Cookies.
  • Content Spoofing via Flash Applet in TinyMCE Media Plugin.
  • Cross-Site Scripting (XSS) when Uploading Media.
  • Full Path Disclosure (FPD) during File Upload.

Additional security hardening includes:

  • Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
  • Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
  • XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

All of our existing client installations will automatically be updated.