WordPress security and bug fix updates are released from time to time, and because we want all Oakley Studio client websites to remain secure, we check for those updates every day, first thing each morning. When our daily checks show there is a new version of WordPress released, we go ahead and install it immediately on all our client sites. (We’re checking for Plugin and Theme updates also, because security updates can show up in these components too. There are usually a few updates to install and test every single day.) Since some of these updates are security fixes, we don’t want to wait to get those updates done. WordPress has an auto-update mechanism that is triggered when a new update is released, but some sites are slower than others to run the auto-updater. We prefer to be proactive and perform those updates sooner rather than later.
Tale of Two Updates
This week was an unusually busy week for WordPress updates. WordPress version 4.9.3 was released on Monday… and just a day later WordPress version 4.9.4 came out. Why two updates in just two days?
That was unusual, so I had a look at the WordPress “change log” which lists everything that is new and different in each version of WordPress. Version 4.9.4 had only one little itty bitty change: it fixed the auto-updater, which had been broken with the version 4.9.3 update!
That auto-update mechanism is really important because it helps ensure timely installation of security updates. Many WordPress sites running version 4.9.2 would have auto-updated to 4.9.3… and now will no longer be able to auto-update! Their owners will need to perform a manual update in order to get the auto-updater working again. Many site owners do not log into their WordPress dashboard regularly. Among those who do, some may not recognize when there are updates that need to be installed, or have any sense of urgency to get the job done. That puts their sites at risk if/when a new vulnerability in the WordPress code base comes to light, or when a new method is discovered to break into outdated sites.
The “black hat” hackers are always probing, looking for ways to gain access, and escalate their privileges to admin level in order to take over these outdated sites and use them for nefarious purposes. (That’s a whole ‘nother blog post in itself.)
Here at Oakley Studio, we know that all website owners are busy busy busy, and sometimes don’t get around to doing their updates in a timely manner. That’s why we monitor for these updates and do them for the benefit of our clients — every single day. We love to tell people, “Our brand represents defense against the dark side of the internet.” Why? Because we do updates every single day.
We Got It Covered
So Monday we upgraded all our client sites to WordPress version 4.9.3, and on Tuesday we upgraded them all again to version 4.9.4, which fixed this broken auto-update problem. We got it covered. All Oakley Studio websites are able to auto-update to the next version, whenever it is released. If you have friends, family, or associates who have self-hosted WordPress sites at HostGator or GoDaddy or BlueHost or any of the other big commodity hosting firms, please help get the word out because those site owners need to sign in to their sites and manually update any installations that are stuck on version 4.9.3… before they get hacked.