WordPress Security Update 4.9.5 is here and will have a big impact on your website.

WordPress 4.9.5 is Here

An infestation of ants is a surefire way to ruin a picnic, but a bevy of software bugs is a far more frightening event. WordPress now powers a staggering 30 percent of the internet, with thousands of sites added to the fold each and every day. [1] If there’s a bug in the system, the digital world is going to notice.

Thankfully, the masterful minds behind the world’s most popular content management system took note of recent hiccups and have released WordPress 4.9.5, a new security and maintenance update designed for WordPress 3.7 and beyond.

Our WordPress experts gathered what you need to know about the new WordPress security update and how you can use it to ditch the blips and get back to business.

There’s a Trio of Security Boosts

To shore up WP security, the new release includes three major changes:

  • Localhost is no longer the default host
  • When SSL is forced, the login page now uses safe redirects
  • All version strings used in generator tags are correctly escaped

It Fixes a Whopping 25 Bugs

The major impetus behind this release was an influx of user-submitted errors. WordPress developers isolated and fixed 25 of those bugs, including the following changes:

  • Caption shortcodes have been restored to previous styles
  • You can now crop via touchscreen devices
  • Some strings, such as error messages, have been altered to increase clarity and make them “friendlier”
  • Attachment placeholders are now better positioned during uploads
  • Better compatibility with PHP 7.2

For those who are interested, the lyrics in the Hello Dolly plugin have also been updated.

It Matters How You Update

WordPress may be the most utilized CMS on the web, but that doesn’t mean everyone is using it properly. Nearly half of the WordPress sites in the Quantcast Top 10,000 aren’t running the newest WordPress security update and 33 percent have skipped more than one update. [2]

That’s a big-league problem because the popularity of WordPress makes it a prime target for hackers, and once a weakness has been found on one site, it can be perpetually exploited, leaving millions of online businesses at risk. Updating protects your own investment and safeguards everyone around you. Think of it as herd immunity for the internet age. Is your WordPress site running slow? Keeping your security up to date can help with that.

Now you know it’s crucial to update, and just as important is how you update because it could seriously affect the outcome. You can technically complete the update yourself, provided you have a backup and you know what you’re doing – but this is not the time to “wing it”.

Your site’s health is at risk. Your hosting company may initiate the update automatically, but you’ll need to check to be sure. While you’re at it, ask them if they have a backup and whether it’s recent. If an update goes poorly or causes performance issues, you should be able to restore your old site in 10 minutes or less – no exceptions.

Talk to a WordPress Expert Today

Need help? Having a team of WordPress experts on hand is a brilliant way to ensure your site is always expertly managed, running quickly, and as secure as possible. Check out our support and maintenance plans or call (855) 977-0391 to talk to an expert about the latest WordPress security update.


  1. https://venturebeat.com/2018/03/05/wordpress-now-powers-30-of-websites/ [1]
  2. https://www.thesslstore.com/blog/33-percent-top-wordpress-sites-are-at-least-two-versions-behind/ [2]