WordPress 3.7 now contains an auto-updater

Wiz Feinberg · Post by **Wiz Feinberg** » 30 Oct 2013 9:07 pm

I have waited a long time to read the news that one of the Web's more popular and exploited blog frameworks has been updated to a new version that will henceforth update itself!

WordPress.org has just released WordPress 3.7; a.k.a: "Basie," in honor of Count Basie. If you operate a website and have installed any previous version of WordPress, whether through a one-click or manual installation, update it now. Then verify in the preferences that automatic updating is enabled.

WordPress, along with Joomla are the two most targeted web programs being probed at this point in time. An outdated version of the program, or one of its plug-ins, can allow a complete takeover. Takeovers are used to inject malicious iframes into the blog pages, attacking your readers' browsers when they visit your blog or website.

Also, review any and all plug-ins you have installed into either WordPress or Joomla. Some are no longer supported at all and are easy targets for such attackers as "Bot for JCE."

As always, protect your admin login with a very strong password. Using the default password leaves the door wide open to any script kiddie. The new version will even offer to create one for you.

Cal Sharp · Post by **Cal Sharp** » 31 Oct 2013 9:44 am

Auto update sounds good, thanks for the heads up, Wiz. I updated one of my WP sites just now and it went smoothly. Now I gotta do the same for my clients' sites. But I guess it'll be the last time I'll have to do it myself.

I might mention that some WP sites were hacked recently that had admin as the user name, so it's a good idea not to use that.