WordPress (WP)version 4.9.3 was released an update earlier in this week with patches for a total 30+ vulnerabilities still unfortunately WordPress , the new version broke the automatic update mechanism for millions of blog.
WordPress team has now issued a new maintenance update, WordPress 4.9.4, to patch this severe bug, which WP admins have to install manually.
According to the security plugin WordFence, when WP CMS tries to determine whether the site needs to install an updated version, if available, a PHP error interrupts the auto-update process.
If not updated manually to the latest 4.9.4 version, the bug would leave your website on WP 4.9.3 forever, leaving it vulnerable to future security issues
WP lead developer Dion Hulse explained about the bug:
“
thus, WP administrators are being urged to update to the latest wp release manually to make sure they’ll be protected against future vulnerabilities.
To manually update their WP installations, admin users can sign into their WP website and visit Dashboard→Updates and then click “Update Now.”
After the update, make sure that your core WP version is 4.9.4.
However, not all websites being updated to the faulty update have reported seeing this bug. Some users have seen their website installed both updates (4.9.3 and 4.9.4) automatically.
Moreover, the company released two new maintenance updates this week, but none of them includes a security patch for a severe application-level DoS vulnerability disclosed last week that could allow anyone to take down most WordPress websites even with a single machine.
Since WordPress sites are often under hackers target due to its wide popularity in the content management system (CMS) market, administrators are advised to always keep their software and plugins up-to-date.