WordPress 4.4.2 Security Update is Out, Immediate Update Recommended

SMS Text
WordPress 4.4.2 Security Update is Out, Immediate Update Recommended

WordPress 4.4.2, a security update for all versions, is now available for download. WordPress is recommending that everyone update their sites immediately.

Two security issues were found in WordPress 4.4.1 and earlier, including possible SSRF for certain local URIs, and an open redirection attack.

Since these types of things fall outside my level of technical expertise, I did a bit of research to find out what they are and what kind of harm they can do.

SSRF stands for ‘server side request forgery’ and can be deployed by attackers to bypass access controls, such as firewalls, and ultimately crash your system.

An open redirect is a bit more straight forward. It would take a trusted site and redirect visitors to an untrusted site, with the goal to get visitors to land on phishing sites or any other type of malicious site.

While fixing the two major security issues, WordPress 4.4.2 also fixes 17 bugs found in the previous version.

WordPress 4.4.2 can be downloaded directly from the dashboard, or may already be downloaded if your site supports automatic updates.

Featured Image Credit: David Molina G / Shutterstock.com

Matt Southern
Matt Southern has been the lead news writer at Search Engine Journal since 2013. His passion for helping people in all aspects of online marketing... Read Full Bio
Matt Southern
Subscribe to SEJ!
Get our weekly newsletter from SEJ's Founder Loren Baker about the latest news in the industry!