WordPress administrators are once again in trouble.

WordPress version 4.9.3 was released update earlier in this week with patches for a total 30+ vulnerabilities still unfortunately, the new version broke the automatic update mechanism for millions of WordPress blog .

WordPress team has now issued a new maintenance update, WordPress 4.9.4, to patch this severe bug, which WordPress admins have to install manually.

According to security plugin WordFence, when WordPress CMS tries to determine whether the site needs to install an updated version, if available, a PHP error interrupts the auto-update process.

If not updated manually to the latest 4.9.4 version, the bug would leave your website on WordPress 4.9.3 forever, leaving it vulnerable to future security issues

WordPress lead developer Dion Hulse explained about the bug:

“#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human error, the final commit didn’t have the intended effect and instead triggers a fatal error as not all of the dependencies of find_core_auto_update() are met. For whatever reason, the fatal error was not discovered before 4.9.3’s release—it was a few hours after release when discovered.”

thus, WordPress administrators are being urged to update to the latest WordPress release manually to make sure they’ll be protected against future vulnerabilities.

To manually update their WordPress installations, admin users can sign into their WordPress website and visit Dashboard→Updates and then click “Update Now.”

After the update, make sure that your core WordPress version is 4.9.4.

However, not all websites being updated to the faulty update have reported seeing this bug. Some users have seen their website installed both updates (4.9.3 and 4.9.4) automatically.

Moreover, the company released two new maintenance updates this week, but none of them includes a security patch for a severe application-level DoS vulnerability disclosed last week that could allow anyone to take down most WordPress websites even with a single machine.

Since WordPress sites are often under hackers target due to its wide popularity in the content management system (CMS) market, administrators are advised to always keep their software and plugins up-to-date.

source : The hack news and onwesweb.com

More than 4,000 websites infected by ‘crypto mining’ malware

Tesla’s Amazon Account Hacked To Mine Cryptocurrency

Winter Olympics hit by cyber-attack