Yesterday’s release of WordPress Update to 4.9.3 accidentally broke the automated upgrade process
This security warning is different than most. It doesn’t address a breach, virus or any other specific vulnerability. Instead, it addresses an error that was accidentally introduced into the WordPress system during yesterday’s update to version 4.9.3. Because of this error, the WordPress update process no longer works automatically.
It seems this update accidentally messed up WordPress’ ability to automatically apply updates to the core product when a new version is made available.
Today, WordPress has released a fix for this mistake in version 4.9.4. Unfortunately, this update cannot be applied automatically! Since WordPress powers over 25% of all websites worldwide, it is important that individual site owners are made aware of this issue.
Anyone who has a website created with WordPress should login as administrator, select “Updates” from the administrative menu, and select the “Update Now” option in the subsection “An updated version of WordPress is available”. The update changes only three files and takes less than a minute to run.
This change should be made by your WordPress website administrator. If you don’t have a WordPress website administrator, you may contact me.
Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.