If you missed our latest post about the serious XML-RPC interface security fix, you should upgrade your WordPress to its newest security release, 3.9.2. For more information about the XML-RPC issue, see our previous post, Disable XML-RPC Pingback.
WordPress 3.9.2 fixes a possible denial of service issue in PHP’s XML processing.
Here are some of the other security changes in the WordPress 3.9.2 release:
- Fixes a possible code execution when processing widgets.
- Fixes possible information disclosure via XML entity attacks in the external GetID3 library.
- Adds protections against brute-force attacks against CSRF tokens.
- Adds some additional security hardening, such as preventing cross-site scripting that could be triggered only by administrators.
More detailed information about the new WordPress version can be found at: http://wordpress.org/news/2014/08/wordpress-3-9-2/
You can download the latest version of WordPress from the following URL: https://wordpress.org/download
You can also upgrade your WordPress instance directly from your WordPress Administrator Dashboard: go to Dashboard → Updates and click “Update Now”.
Last but not least, we strongly recommend that all of our clients using WordPress for their projects upgrade their instances to the latest available version in order to strengthen the security of their websites.