WordPress 3.5.2 is here - and it’s not to be confused with the 3.6 beta releases. Being a point release, you shouldn’t expect significant changes. WordPress 3.5.2 is a security release, which means it’s critical that you update your site.
What’s in WordPress 3.5.2?
The release note for this specifically looks to address a bunch of security related issues:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, or reassigning the post’s authorship.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when a upload fails.
How to Update Safely
This is very easy to do from any logged in user page - but you should always follow a pre-update checklist that helps to avoid many problems.
- Make sure you have a current WordPress database backup. Using DBC Backup 2 makes this easy.
- Enable your WordPress Maintenance mode page.
- Disable any / all plugins
- Run update
- Update any plugins that also got updated
- Enable all plugins that you need
- Check for any new issues
- Disable your maintenance mode
Having Problems with this update? then read 3 steps to recover from WordPress website killers
Still Need Some Help? Then I’m available -
If you’re still stuck - get in contact and I’ll be happy to help you out.