• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multi-framework
    • Security
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Overview
    Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial

WordPress security updates, the quick way

01 November, 2017
Larry Garfield
Larry Garfield
Director of Developer Experience

Yesterday, the WordPress team along with security researcher Anthony Ferrara released a new version of WordPress, version 4.8.3 that fixes a significant security vulnerability. You can read more about the technical details of the exploit and the timeline of its report on Anthony's blog. The long and short of it is that if you're not already running WordPress 4.8.3, you need to upgrade.

If you're on Platform.sh, updating is simple and straightforward. There's 2 ways, depending on if you're using a vanilla WordPress download package or building it via a Composer-based variant.

Using Composer

If you're using one of the Composer-based WordPress installers, the process can’t be easier.

  1. Checkout your project from Platform.sh using Git

  2. Verify that your composer.json file is set to download WordPress 4.8. Look for the require line that downloads WordPress itself. It will probably look something like this:

    "require": {
        "johnpbloch/wordpress": "4.8.*"

    Make sure the version constraint is set to a value that includes 4.8.3. 4.8.*, ^4.8, ~4.8, and so on are all valid constraints. Update it if you need to, then save the file.

  3. Run composer update to update the lock file.

  4. Commit the changed composer.json and composer.lock files to Git.

  5. Push the new commit to Platform.sh.

You're of course free to try it on a test branch first. Platform.sh makes that easy for exactly cases like this one. Simply make a new branch before adding the changed files to Git, then activate the environment after it's pushed. As soon as you're comfortable that the update works, go ahead and merge it to master.

Vanilla download

If you are running WordPress as a simple download from WordPress.org, the way to update it is to simply copy files from a new download over your existing install.

  1. Checkout your project from Platform.sh using Git
  2. Download the latest version of WordPress from the download page and unzip the file.
  3. Copy all files from the download into your project, overwriting what's already there. Make sure that the wp-config.php file is not changed.
  4. Commit all changed and added files to Git. (Note there are some recently added files; be sure not to miss those.)
  5. Push the new commit to Platform.sh.

You can also test the update on a branch if you prefer. If everything is in order just merge the branch to master and you're done.

Get the latest Platform.sh news and resources

Related Content

A festive treat: PHP 8.3 is already available on Platform.sh

A festive treat: PHP 8.3 is already available on Platform.sh

AboutSecurity and complianceTrust CenterCareersPressContact us
Thank you for subscribing!
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺