Make Sure You’re Taking Advantage of WordPress’s Latest Updates for your church school or ministry
If you manage your ministry’s website on WordPress, you may have noticed some recent updates.
WordPress 5.01 and 5.02 were released within a week of one another and they address major security concerns from previous versions, such as:
- Authors could create metadata to delete files they weren’t authorized to delete
- Authors could create posts of unauthorized post types with specially-crafted input.
- Contributors could craft meta data in a way that resulted in PHP object injection
- Contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.
- Specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances
- User activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.
- Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.
Find out more about these issues here:
If you have not done so already, you should update your WordPress version as soon as possible. But do so with great care.
Here’s what to keep in mind:
If possible, test the update on a clone development site. This will allow you to work out any issues on that website before moving it to your live site.
If you do not have access to a development or staging/sandbox site, before attempting any WordPress core updates, ALWAYS take a backup of your website! Sometimes the core update can “break” the site, so you’ll want a way to restore the site to the previous version while you look to see what the issue was during the update.
A major change in this 5.01 adn 5.02 version of WordPress is the introduction of the “Gutenberg editor” and “blocks.” While for some themes this new editor may make simple textual and image updates much easier for you to carry out, it may also mess with how some WordPress themes perform, even to the point of “breaking.”
One theme this update does not work well with is Divi, which happens to be a theme we highly recommend because of it’s user-friendly features. So if you’re using Divi and you run the update, you’ll notice that the Gutenberg editor completely removes the Divi editor—which is already somewhat “block”-oriented and may not actually be improved by Gutenberg—when you’re building or editing a page.
The easiest way to fix this is to install the Classic Editor plugin, which you can do directly from your WordPress admin by going to Plugins, Add New, and search for Classic Editor.
If you’re careful with the above items, you should be good to go with these new updates.
Learn more about this significant WordPress update:
“WordPress 5.0.1 Security Release is Now Available!” (WordPress.org News)
“7 WordPress Vulnerabilities Fixed in Version 5.0.1” (Latest Hacking News)
“What to Expect with WordPress 5.01 and 5.02 Updates” (TechBear)
Want to further improve your church website?
Check out these related posts, tailored to the needs of churches, schools and ministries: