Last week, WordPress 4.9.3 was released. It brought the usual variety of minor enhancements and security fixes, but it also introduced a nasty bug that may prevent your WordPress site from updating itself properly in the future.

The bug is in the automatic update system. WordPress is able to automatically update itself for minor releases, those that increment the last number in 4.9.3, for instance. WordPress sites have happily upgraded themselves to WordPress 4.9.3, but because of the bug a in that version, WordPress sites may not be able to automatically update to future minor versions.

If your site updated automatically to WordPress 4.9.3, you may have to manually update to WordPress 4.9.4, which was released the next day to fix the problem.

The bug was introduced while the automatic update system was being modified to reduce the number of API calls it makes during updates, but those changes were, apparently, not properly tested, and stopped automatic updates working altogether on some WordPress installations.

If you aren’t using automatic updates, this isn’t something you need to worry about; apply the updates manually as you normally would. If your WordPress site is running a slightly out-of-date version, you are probably not affected either since the automatic update system only does minor version updates (although you should think about how safe it is to run outdated versions of WordPress in the first place).

In general, automatic updates are good for WordPress users, although they were met with some skepticism from WordPress professionals when they were first introduced with the release of WordPress 3.7. Most WordPress users aren’t professionals. Out-of-date WordPress sites cause security problems for site owners and visitors. Professionals can turn off automatic updates and manage the risk themselves, but for ordinary users, automatic updates are the most secure option.

A bug that disables automatic updates is a serious problem because WordPress users who assume that updates are being handled automatically by the system are unlikely to check for every minor release: their sites may be vulnerable through no fault of the user.

In fact, the only WordPress sites that are affected by the bug are those that have been manually updated to the most recent major version. Only security-conscious WordPress users are in the crosshairs on this one, which is why it’s so important to make sure WordPress users check their sites.

If you haven’t updated your site to WordPress 4.9.3 or 4.9.4, you might want to reconsider. Although a minor maintenance release to the WordPress 4.9 ‘Tipton’ line, it includes a variety of fixes and enhancements, including 34 bug fixes for Customizer changesets, widgets, the visual editor, and PHP 7.2 compatibility.

If you’re worried about the bug in the automatic update system or want to update to the most recent version of WordPress, select the ‘Updates’ category in the Dashboard and click ‘Update Now’.

Posted in:
WordPress