Goodbye manual WordPress updates, hello Manage WP Automatic Updates

WordPress team has now issued a new maintenance update, WordPress 4.9.4, to patch this severe bug, which WP admins have to install manually.

If not updated manually to the latest 4.9.4 version, the bug would leave your website on WP 4.9.3 forever, leaving it vulnerable to future security issues

#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human error, the final commit didn’t have the intended effect and instead triggers a fatal error as not all of the dependencies of find_core_auto_update() are met. For whatever reason, the fatal error was not discovered before 4.9.3’s release—it was a few hours after release when discovered.

To manually update their WP installations, admin users can sign into their WP website and visit Dashboard→Updates and then click “Update Now.”

After the update, make sure that your core WP version is 4.9.4.

However, not all websites being updated to the faulty update have reported seeing this bug. Some users have seen their website installed both updates (4.9.3 and 4.9.4) automatically.

Moreover, the company released two new maintenance updates this week, but none of them includes a security patch for a severe application-level DoS vulnerability disclosed last week that could allow anyone to take down most WordPress websites even with a single machine.

Since WordPress sites are often under hackers target due to its wide popularity in the content management system (CMS) market, administrators are advised to always keep their software and plugins up-to-date.