• Overview
    Frameworks
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    Features
    • Observability
    • Auto-scaling
    Solutions
    • Marketing Teams
    • Retail
    • Higher Education
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Contact
  • Login
  • Free Trial
Blog
Thumbnail

WordPress security updates, the quick way

wordpressphp
November 01, 2017
Larry Garfield
Larry Garfield
Director of Developer Experience

Yesterday, the WordPress team along with security researcher Anthony Ferrara released a new version of WordPress, version 4.8.3 that fixes a significant security vulnerability. You can read more about the technical details of the exploit and the timeline of its report on Anthony's blog. The long and short of it is that if you're not already running WordPress 4.8.3, you need to upgrade.

If you're on Platform.sh, updating is simple and straightforward. There's 2 ways, depending on if you're using a vanilla WordPress download package or building it via a Composer-based variant.

Using Composer

If you're using one of the Composer-based WordPress installers, the process can’t be easier.

  1. Checkout your project from Platform.sh using Git

  2. Verify that your composer.json file is set to download WordPress 4.8. Look for the require line that downloads WordPress itself. It will probably look something like this:

    
    "require": {
        "johnpbloch/wordpress": "4.8.*"
    },

    Make sure the version constraint is set to a value that includes 4.8.3. 4.8.*, ^4.8, ~4.8, and so on are all valid constraints. Update it if you need to, then save the file.

  3. Run composer update to update the lock file.

  4. Commit the changed composer.json and composer.lock files to Git.

  5. Push the new commit to Platform.sh.

You're of course free to try it on a test branch first. Platform.sh makes that easy for exactly cases like this one. Simply make a new branch before adding the changed files to Git, then activate the environment after it's pushed. As soon as you're comfortable that the update works, go ahead and merge it to master.

Vanilla download

If you are running WordPress as a simple download from WordPress.org, the way to update it is to simply copy files from a new download over your existing install.

  1. Checkout your project from Platform.sh using Git
  2. Download the latest version of WordPress from the download page and unzip the file.
  3. Copy all files from the download into your project, overwriting what's already there. Make sure that the wp-config.php file is not changed.
  4. Commit all changed and added files to Git. (Note there are some recently added files; be sure not to miss those.)
  5. Push the new commit to Platform.sh.

You can also test the update on a branch if you prefer. If everything is in order just merge the branch to master and you're done.

Get the latest Platform.sh news and resources
Subscribe

Related Content

Cover image

Stop wasting your time! A modern development workflow for WordPress, using Platform.sh plus third-party tools

Company

AboutSecurity and complianceTrust CenterBoard and investorsCareersPressContact us
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceManage your cookie preferencesReport a security issue
© 2022 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺