
Should You Hold Off on the WordPress 4.4.2 Security Update?

February 22, 2016 • 3-minute read


It’s almost like clockwork: Every time a major update rolls out for a software platform or service provider, no matter how many bugs it fixes, a couple of others show up. It’s like a game of technological Whack-a-Mole sometimes.

Unfortunately, the latest WordPress update — the 4.4.2 security update — appears to be no exception.

What it fixes

The new update to the open-source blogging and content management platform deals specifically with a couple of significant security holes.

The patch fixes a possible Server-Side Request Forgery (SSRF) vulnerability that can impact local addresses. Through an SSRF, an attacker gets the server to make requests on his behalf, which lets him hide what he’s doing and how he’s modifying or accessing his target. Since this is a serious security issue, WordPress made it a priority to fix it with this update. This isn’t a first for WordPress, though, as it fixed a similar issue via the 3.5.2 patch way back in June 2013.

The other security issue that this patch fixes is an open redirection attack - an attempt to abuse a site's redirect functionality to send visitors to an external site. To address this, WordPress developed a new block of code that ensures enhanced validation - and thus, better security - of Web addresses used in HTTP redirects.

The WordPress 4.4.2 update also fixes 17 other bugs that have to do with the platform’s functionality. The first update, which was released on Jan. 6, included 52 bug fixes and a patch that fixes a scripting vulnerability.

What it doesn’t fix - or what it possibly breaks

Our clients have reported a number of issues with their WordPress sites:

  • Form notifications were disabled.
  • Attempts to upload images resulted in error messages.
  • Some shopping carts experienced plugin conflicts.

While we have yet to determine for sure whether the update really caused these, it looks like an Occam’s Razor situation. Since these issues started popping up after the users updated their sites to the latest version of the platform, it’s highly likely that plugin incompatibility with the new version caused most of the issues reported to us. As a result, most plugins need to be reconfigured for the latest update in order to function properly.

So, what should you do?

We strongly advise you to upgrade to the new version after taking steps to check that your site is unlikely to suffer incompatibility issues. When you're ready, you can download WordPress 4.4.2 directly from the dashboard. If your site is configured to automatically update to new versions, it's likely that your site has already been updated.

In the meantime, if you have related questions or concerns, drop us a line! You can also schedule time with one of our Client Relationship Managers.


Written by: Mikael Angelo Francisco
Kyle is a Communications Senior Specialist at StraightArrow who also contributes to the SciTech section of GMA News Online and reviews movies and comic books for pop culture blogs. He is into sports climbing, running, and other related activities, and may or may not be Spider-Man (he refuses to give us a straight answer).
