Another busy month with a major WordPress core release, WooCommerce 4.4 and a number of high profile security updates.
One of the big features in WP 5.5 is built-in auto-update for themes and plugins. Now you can set plugins and themes to update automatically directly in the WordPress admin. However, we do urge caution when using this new feature and we encourage you to think carefully about what plugins you enable auto-updates for, and what others might be best left for manual updates.
As usual, we held off on deploying the update until our own testing could be completed. While we found 5.5 to be a pretty smooth update, we did anticipate a few sites having issues with the jQuery Migrate script removal. Sure enough, as some customers updated themselves, a few required installing a helper plugin to reinstate jQuery Migrate.
On September 1, WordPress 5.5.1 was released with a number of fixes and changes. We will continue with testing 5.5.1 for a while longer, before deploying to all our Managed WordPress sites.
As ever, customers who want to start using 5.5.1 now can do so by updating from the Plesk WP Toolkit, or directly in the WP Dashboard. Just give WP NET Support a shout if you run in to any problems.
Significant Releases and Security Updates
Our support team has been earning their keep this month with a number of important security updates for themes and plugins.
Divi, Extra and Divi Builder
In early August the web was aflutter as thousands of Divi, Extra and Divi Builder users desperately updated their sites. Critical security vulnerabilities were discovered in the 3 flagship products from Elegant Themes, with an estimated userbase of 700,000! As updating Divi requires an active license code, there are always a few who get caught out. Thankfully, Elegant Themes also made a patcher plugin available, which users could install and activate even if a site didn’t have an active license.
As soon as WP NET Support was aware of these vulnerabilities we informed all customers and ensured licensed sites were updated to the latest version, or the patcher plugin was installed.
Not a security update, but the rollout of WooCommerce 4.4 did cause headaches for some users due to a compatibility issue with the WP Rocket caching plugin and a few others as well. Updates were made available promptly and we deployed them to all Managed WordPress customers.
And as recently as this morning we have a very nasty zero-day exploit in the popular File Manager plugin, and only a few weeks after another vulnerability was discovered in the very same plugin. Ouch.
This latest vulnerability has a CVSS score of 10! A comprehensive article explaining this issue and help with identifying a compromise is available on the WordFence blog.
Please see the WP NET Announcement page for more information on the File Manager vulnerability and what actions WP NET Support took to protect customers.