WordPress 4.4.2 Security Update is Out, Immediate Update Recommended

SMS Text
WordPress 4.4.2 Security Update is Out, Immediate Update Recommended

WordPress 4.4.2, a security update for all versions, is now available for download. WordPress is recommending that everyone update their sites immediately.

Two security issues were found in WordPress 4.4.1 and earlier, including possible SSRF for certain local URIs, and an open redirection attack.

Since these types of things fall outside my level of technical expertise, I did a bit of research to find out what they are and what kind of harm they can do.

SSRF stands for ‘server side request forgery’ and can be deployed by attackers to bypass access controls, such as firewalls, and ultimately crash your system.

An open redirect is a bit more straight forward. It would take a trusted site and redirect visitors to an untrusted site, with the goal to get visitors to land on phishing sites or any other type of malicious site.

While fixing the two major security issues, WordPress 4.4.2 also fixes 17 bugs found in the previous version.

WordPress 4.4.2 can be downloaded directly from the dashboard, or may already be downloaded if your site supports automatic updates.

Featured Image Credit: David Molina G / Shutterstock.com

Matt Southern
Matt Southern has been the lead news writer at Search Engine Journal since 2013. His passion for helping people in all aspects of online marketing... Read Full Bio
Matt Southern
Subscribe to SEJ!
Get our weekly newsletter from SEJ's Founder Loren Baker about the latest news in the industry!
  • Siri Innovations

    Really it was good news because if we get the security update we will conform and update the word press plugins which cant disturb our website. Now lots of websites need to be update for good results.

  • aditarani

    thank you so much for giving such a grate post i really have grate use of this post and appreciated for you work thanking you

  • Hemang Rindani

    WordPress is a great enterprise web content management system with amazing functionalities that help to design, develop and manage some powerful websites. Easy to use interface, flexibility, scalability and thousands of built-in modules, themes and plugins make WordPress a popular platform that developers like to adopt and thus has been adopted by many businesses. Usually security is not a concern with WP sites, however with increasing popularity, it has been attacked too often. From the SSL injection to SSRF and an open redirection attack, there have been various such attacks. WordPress’ team has been doing well to cover up these vulnerabilities by providing patches. Versions starting from 4.2 are assumed as strongest releases that has addressed uncountable number of loopholes and the latest version 4.4 have other few amazing changes that makes life easier for WordPress users.