What's New in Latest WordPress Version For Developers

NEW YORK - June 1, 2015 - PRLog -- Skilled and ethical techies from around the world get together to find out the security vulnerabilities in this content management system in order to help the core development team to make WordPress more secure.

The outcome of this extensive research was WordPress 4.2.2. As a developer, it is important to know what the new version brings to you in terms or changes, performance features and latest elements.

Reminiscent of the Zero-Day Exploit, the existing susceptibility leaves your WordPress site open to attacks. This shows that a developer's company's or any client's portal can be hit by a cross-site scripting attack from malicious sources. Although, the flaw in the comment section was fixed efficiently with version 4.2.1, the guys at WordPress somehow ignored the other underlying elements including the popular themes and plugins that were also at risk. Let's focus on the fundamentals of the latest issue.

How to Defend Against the Bad Guys

The bad guys are always on a lookout to break into the vulnerable websites running on WordPress. By hook or by crook, they will try to achieve their hacking objective of stealing your data and adversely affecting the client's brand image. The 4.2.1 issue offered the Genericons font package. This new package now includes the 'High Dots Per Inch' display that is loved by every developer. However, there is an HTML file in the package contents that can be very easily injected with a script by any unknown source. Such an attack allows hackers to access your website's critical data without a hitch.

Robert Abela noticed and raised voice towards this grave problem on the server side. The latest version reduces the risk by preventing these useless examples to be exploited through malicious code injections. HTML file, all themes, plugins and folders in the wp-content directory are thoroughly scanned for the file.

Other Fixes
In the latest version, the visual editor is more improved in terms of security with regards to XSS attacks. Though, WordPress developers (http://www.cgcolors.com/new-york-wordpress-web-design/) have not provided any information regarding the details of this improvement, but every developer hopes that there won't be any hole in the security layer.

There are various non-security related bugs are also addressed in WordPress 4.2.2:

In the latest version, Emoji loading errors are fixed in thorough manner.
The developers have also improved the performance of a keyboard shortcut for saving from the Visual editor on Mac.
The oEmbed for YouTube URLs helps by not expecting HTTPS from the user side.
The performance angle of the WordPress while checking for encoding in case of sending strings to MySQL is also improved dramatically.
The bugs in reference tables in the dbname.tablename format has been fixed to provide for smooth queries to be processed.
The earlier unnecessary memory usage for a regex checking for UTF-8 encoding has been lowered.
Developers can alter the wrong index located in the wp_signups table on utf8mb4 conversion
Loop detection's performance is improved in _get_term_children()
The bug where attachment URLs were being forced to use HTTPS in some contexts is eliminated in this version.

Why you need to update WordPress?
This is basically the security update and a maintenance release for versions 4.2 and newer. But it is advised that in order to make your WordPress website secure, simply update the version without taking any chances. Why leave your website at risk of attack?

We hope this article was helpful in explaining the latest WordPress 4.2.2 update.