What is New in WordPress 4.4.2

WordPress had recently launched new version 4.4.2 last month in February. I would like to discuss what is the update is all about and how to update your WordPress easily.

There are two main security updates which were implemented in the latest version of WordPress. Both changes belong to SSRF (Server-side request forgery) attacks. SSRF is a type of attack where it appears a request is being sent from the server to client bypassing access controls.

What is an SSRF attack?

SSRF is a very dangerous attack where an attacker gets control of the server and send the malicious attack to the client. As there are various connections from the server which does not require authentication, these attacks can cause loss of data or damage the reputation of your website. Read this collectiveray article on http error 500 wordpress and see if it helps.

SSRF attack example

So as you see from the picture above, a local Memcached server is able to connect to a client without authentication and can run any commands. So the attacker can run any command and execute it on the client.

Lets see and understand the two security issues which were fixed for this upgrade:

  1. HTTP: is not a valid IP (Reported by Ronni Skansing )-  This change is to prevent SSRF attacks where a local IP can start with a zero while trying to make a local connection. This fix is to prevent when an IP starts with a zero.
  2. Better validation of the URL used in HTTP redirects (Reported by Shailesh Suthar ) – This fix will make sure the URL is in the correct  format. This will check the URL format and validate it.

There are some other small fixes related to MYSql, comments and widgets. For more technical detail about the fixes, please follow this link.

This post will Guide you step by step process for backup of your WordPress:

How to Take Backup your WordPress Blog- Complete Guide

You need to make sure you update your WordPress immediately as soon as you receive notification. As you can see almost every WordPress update involves security fix, failing to update may put your blog in danger. Now you may enjoy its advantages:  Scepter Marketing is your digital marketing agency.

This video tutorial will help you to backup and update your WordPress.

“Remember you must backup your data, plugin and database before performing WordPress update”

Conclusion – This tutorial will help you to learn about latest WordPress 4.4.2 upgrade and how to update your WordPress blog. If you are facing any issue before or after the upgrade, please use the comment section. I would love to help you.

  • Thanks for sharing the intellect behind the update… I just upgraded without knowing the information behind 🙂

    • Hi Shweta, ty for comment. It may not be required to understand technical details of the upgrade, but you must take backup of your blog before the update. You can use backup from your web hosting or plugin like Updraftplus.

    • Sometimes I just think that people write an

        d dont really have much to say. Not so here. You definitely have something to say and you say it with style, my man! You sure do have an insteerting way of drawing people in, what with your videos and your words. Youve got quite a one-two punch for a blog!
  • Hi Ravi,
    Thanks for sharing this best collection of Information related to new WordPress update 4.4.2 yeah this is cool and awesome in use but they should also need to update some necessary plugins as now Yoast is extra awesome after update .

  • >