WordPress 4.2.3 Security Update Applied

cover-photo The latest WordPress update is live since yesterday. For those of you who have opted in to our AutoUpdater or have enabled the WordPress internal system for automatic updates it should be now ready to use! Check out the official release notes for detailed information about the update and read on to see what we’ve done to further protect our customers.

It’s a Security Update

Although WordPress 4.2.3 addresses more than 20 bugs from the previous versions of the application, as usual, its focus remains on the security issues it has fixed. As stated in the official release post:

WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site.

This is why we’ve taken two steps to protect our customers:

  1. Zero-day Update: all of you who have subscribed to our AutoUpdater received the update immediately after its release
  2. Special WAF Protection: our own security team has assembled a special rule for our application firewall that will protect those of you who have not been updated to the latest version.

This WAF method is proven to be the safest and least intrusive way to protect you from any potential hacks without any modification to your content. However, we strongly recommend that you update to the latest WordPress version – our security rules only shield you from hacking attempts, but do not patch the security holes in your site!

Access email sent!

Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.


Please check your email to confirm your subscription.

author avatar

Hristo Pandjarov

Product Innovation Director

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments ( 1 )

author avatar

Leho Kraav @lkraav

Jul 24, 2015

@hristo there's a pretty big s***storm over how core changed the shortcode api in 4.2.3 seemingly overnight and broke *a lot* of sites. ​https://core.trac.wordpress.org/ticket/15694 ​https://core.trac.wordpress.org/ticket/33102


Start discussion

Related Posts