The WordPress version 5.2.4 (Download) was realeased to the public on October 14th, 2019 and it’s available for download.
The WordPress versions 5.2 and earlier versions are affected by some bugs which are fixed in the WordPress version 5.2.4. Updated versions of WordPress 5.1 and older releases since WordPress 3.7 are also available, for users who haven’t updated to version 5.2 yet.
THE WORDPRESS VERSION 5.2.4 IMPROVEMENTS.
- Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
- Honour to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
- Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
HOW TO DOWNLOAD THE WORDPRESS VERSION 5.2.4
The latest version of WORDPRESS for the meantime is out and without stress, it’s already made available for DOWNLOAD.
FILES THAT WERE REVISED IN V5.2.4
/wp-includes/class-wp.php /wp-includes/class-wp-query.php /wp-includes/functions.php /wp-includes/http.php /wp-includes/pluggable.php /wp-includes/rest-api.php (WordPress v5.2.4)
WordPress 5.2.4 is a short-cycle security release. The next major release will be the version 5.3
It is recommended to use servers running on version 7.3 or greater of PHP and MySQL version 5.6 OR MariaDB version 10.0 or greater.
We also recommend either Apache or Nginx as the most robust options for running WordPress, but neither is required.
THE WORDPRESS V5.2.4 BUILD TEAM
Aaron D. Campbell, darthhexx, David Binovec, Jonathan Desrosiers, Ian Dunn, Jeff Paul, Nick Daugherty, Konstantin Obenland, Peter Wilson, Sergey Biryukov, Stanimir Stoyanov, Garth Mortensen, vortfu, Weston Ruter, Jake Spurlock, and Alex Concha.
HOW TO UPDATE TO YOUR WORDPRESS VERSION 5.2.4
UPDATING WORDPRESS version 5.2.4
WARNING: The upgrade process will affect all files and folders included in the main WordPress installation. This includes all the core files used to run WordPress. If you have made any modifications to those files, your changes will be lost.
You should always update WordPress to the latest version. When a new version of WordPress is available you will receive an update message in your WordPress Admin Screens. To update WordPress, click the link in this message.
There are two methods for updating – the easiest is the one-click update, which will work for most people. If it doesn’t work, or you just prefer to be more hands-on, you can follow the manual update process.
BACK UP WORDPRESS
Before making such moves like this, it is always important for one to ensure that he/she should backup his/her site so are to prevent site breakdown and loss of efforts, time, and also article contents with may highly affect your SERPs.
I advise you to Backup manually using FTP clients and copy your Site to your desktop, OR you can the All in one WP migration plugin.
AUTOMATIC BACKGROUND UPDATES
However, for WordPress 3.7+, you don’t have to lift a finger to apply minor and security updates. Most sites are now able to automatically apply these updates in the background. If your site is capable of one-click updates without entering FTP credentials, then your site should be able to update from 3.7 to 3.7.1, 3.7.2, etc. (You’ll still need to click “Update Now” for major feature releases.)
Moreover, wordPress lets you update with the click of a button. You can launch the update by clicking the link in the new version banner (if it’s there) or by going to the Dashboard > Updates screen. Once you are on the “Update WordPress” page, click the button “Update Now” to start the process off. You shouldn’t need to do anything else and, once it’s finished, you will be up-to-date.
One-click updates work on most servers. If you have any problems, it is probably related to permissions issues on the filesystem.
Read Also: Ahrefs is Launching it’s Search Engine
MANUAL UPDATE STEPS
- Get the latest WordPress zip (or tar.gz) file.
- Unpack the zip file that you downloaded.
- Deactivate plugins.
- Delete the old
wp-admindirectories on your web host (through your FTP or shell access).
- Using FTP or your shell access, upload the new
wp-admindirectories to your web host, in place of the previously deleted directories.
- Upload the individual files from the new
wp-contentfolder to your existing
wp-contentfolder, overwriting existing files. Do NOT delete your existing
wp-contentfolder. Do NOT delete any files or folders in your existing
wp-contentdirectory (except for the one being overwritten by new files).
- Upload all new loose files from the root directory of the new version to your existing WordPress root directory.
NOTE – you should replace all the old WordPress files with the new ones in the
wp-admin directories and sub-directories, and in the root directory (such as
wp-login.php and so on). Don’t worry – your
wp-config.php will be safe.
However, be careful when you come to copying the
wp-content directory. You should make sure that you only copy the files from inside this directory, rather than replacing your entire
wp-content directory. This is where your themes and plugins live, so you will want to keep them. If you have customized the default or classic themes without renaming them, make sure not to overwrite those files, otherwise you will lose your changes. (Though you might want to compare them for new features or fixes..)
Lastly you should take a look at the
wp-config-sample.php file, to see if any new settings have been introduced that you might want to add to your own
If you’re upgrading manually after a failed auto-upgrade, delete the file .maintenance from your WordPress directory using FTP. This will remove the “failed update” nag message.
Nevertheless, visit your main WordPress admin page at /wp-admin. You may be asked to login again. If a database upgrade is necessary at this point, WordPress will detect it and give you a link to a URL like
http://example.com/wordpress/wp-admin/upgrade.php. Follow that link and follow the instructions. This will update your database to be compatible with the latest code. You should do this as soon as possible after step 1.
Don’t forget to reactivate plugins!
If you have caching enabled, clear the cache at this point so the changes will go live immediately. Otherwise, visitors to your site (including you) will continue to see the old version (until the cache updates).
Consider rewarding yourself with a blog post about the update, reading that book or article you’ve been putting off, or simply sitting back for a few moments and letting the world pass you by.
Your update is now complete, so you can go in and enable your Plugins again.
If you have issues with logging in, try clearing cookies in your browser.