WordPress update?

My client has reported that he has received a daily email whcih seems to refer to his website (I don't maintain his website). Looks like a Wordpress update, can you confirm. Presume his web maintainer will have to carry this out?

Thanks

From: installer@oneclickinstaller.com
To: geoffnnnnnnn@nnn.com
Sent: 20/04/2015 07:56:10 GMT Daylight Time
Subj: [OneClick Installer] WordPress plugin Jetpack by WordPress.com 3.4.2 now available
 
This is an automated email from OneClick Installer. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the OneClick Installer tool, and select the installed applications you wish to modify.

An update to Jetpack by WordPress.com 3.4.2 is now available for the WordPress installations you are managing using OneClick Installer. The following can be updated:

- http://www.geoffreymalone.com/wp


Login to your web hosting control panel and navigate to the OneClick Installer tool to update your installed applications.

End of report.
LVL 1
gerlisAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

captainCommented:
I assume he has registered and installed his site using a Wordpress (WP) package on Fasthosts hosting.

Looks like Fasthosts provide a wrapper package called OneClick Installer that deploys sites and hosting platforms such as WP. Further it seems that this extends to notifications for WP plugin upgrades that he would normally get through the dashboard of his WP site.

I don't think there is either anything harmful or on the contrary excessively useful in this mail.

Assuming the url above is correct, he can simply login to http://www.geoffreymalone.com/wp-login.php and get the same info from the dashboard and can update, upgrade, activate and uninstall from there. It is the same login that allows the user to create content and change the design of the site, so access to this is vital for the running of the site.

If this was set-up by a third party then they should give your user the login details to access the dashboard. Saying that as the notifications go to the user's email, he should have access via this email on the login page, or at least be able to reset the password for the account associated with the email.

Any update to plugins is usually a simple click and confirm operation and the user should be able to carry this out. If he feels apprehensive, he can create a second admin account for you or any other person to do this on his behalf.

hth
capt.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lionel MMSmall Business IT ConsultantCommented:
These notification are sent out to let you know if there is a new update. You can go to wordpress.org and see if this is the latest update or not https://wordpress.org/download/. They are still on 3.4 and thsi tells what this update is for https://wordpress.org/news/2012/09/wordpress-3-4-2/. And you can either login into your wp website as an admin and run the update or you can use the update process provided by this hosting company. It is a matter of preference but both will work--usually the avenue provided by the hosting company is made easier as they create the required steps for all their hosting clients and depending on that host may provide support in the event something goes wrong with the update. I have run into issue with getting support from some hosts that will not help if you do it directly through the admin interface on the website directly--have them check with their hosting company. You may want to help them get to version 4 but usually major upgrades like from 3.xx.xx to 4.xx.xx are more prone to issues so make sure you do a backup -- most hosting providers allow for full hosting backups to be run manually.
0
captainCommented:
@lionelmm. That is simply not correct.

The notification is not for upgrading Wordpress. WordPress 4.1.1 is the current version. your link refers to a news item from 2012.

This is for the Jetpack plugin, which is a toolbox (many tools, one plugin) which is a wordpress developed plugin, not a third party product.

The current Jetpack version is 3.4.3, so the user is simply a couple of point versions behind. Not a tragedy unless he is affected by the issue contained in the change log.

@gerlis, please do not tell your user to 'update' to WP 3.4.2
0
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

Lionel MMSmall Business IT ConsultantCommented:
My bad--shows you easy it is to over-read the details when you see what you think is a common verbiage. A good reminder to pay attention to the details. Apologies
0
gerlisAuthor Commented:
Thanks to everyone. My client has now received this email (by the way we never use a greeting of "Howdy" in the UK!). Looks like it has done the update automatically? He has yet to contact his web maintainer.


________________________________________
From: wordpress@nnnaaa.com
To: aaannaannana@aaannn.com
Sent: 21/04/2015 17:33:43 GMT Daylight Time
Subj: [Geoffrey Malone] Your site has updated to WordPress 4.1.2
 
Howdy! Your site at http://www.geoffreymalone.com has been updated automatically to WordPress 4.1.2.

No further action is needed on your part. For more on version 4.1.2, see the About WordPress screen:
http://www.geoffreymalone.com/wp/wp-admin/about.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/

You also have some plugins or themes with updates available. Update them now:
http://www.geoffreymalone.com/wp/wp-admin/

The WordPress Team
0
gerlisAuthor Commented:
This morning he received the following email:

From: installer@oneclickinstaller.com
To: aaaannn@nnaa.com
Sent: 22/04/2015 08:10:34 GMT Daylight Time
Subj: [OneClick Installer] WordPress 4.1.2 now available (security release)
 
This is an automated email from OneClick Installer. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the OneClick Installer tool, and select the installed applications you wish to modify.

An update to WordPress 4.1.2 (security release) is now available for the WordPress installations you are managing using OneClick Installer. The following can be updated:

- http://www.geoffreymalone.com/wp


The changes for this version are:

This is a critical security release for all previous versions. Furthermore, a number of plugins released security fixes yesterday. Keep everything updated to stay secure.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:
* In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
* In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
* Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins and Marc-Alexandre Montpas.

Login to your web hosting control panel and navigate to the OneClick Installer tool to update your installed applications.

Regards,

The OneClick Installer Support Team
0
Lionel MMSmall Business IT ConsultantCommented:
Now what I had to earlier applies--their web hosting company has automatically updated their wordpress; this is a feature that the hosting company provide. In most cases you can unchecked the setting to automatically update Wordpress if you so desire. They can logon to their hosting "cpanel" (management interface) and see what status Wordpress is in and what version it is.
0
gerlisAuthor Commented:
Thanks, lionelmm
0
captainCommented:
@ lionelmm No worries happens to me all the time :)

So in summary these are all "convenience mails" to alert the user that is registered on the site of upcoming upgrades or if set to do so auto updates that are being made.

I just wonder why the user would have to contact his web maintainer. These notifications are generated and sent to the email for the admin account on wordpress. He should have a login for this, his web maintainer may have set this up, but as password reset control falls to this email address he should be autonomous to make changes to the notification (with some hand-holding perhaps).

He will still need to update the Jepack plugin in any case, and is likely to get further emails like the original. Plugins are updated regularly. A normal site with 6-8 plugins as standard has 1 update per week, a heavy plugin user has quite a few more, and with wordpress updates usually every plugin will be updated before long.

This means if WP is set to auto update, it is advisable to update your plugins accordingly to keep things running smoothly.

capt.
0
gerlisAuthor Commented:
He is probably unaware that he is the admin email for the WP updates and notifications.

I'll let him know that he will receive other automated messages about updates but can safely assume the updates will be taken care of.
0
Lionel MMSmall Business IT ConsultantCommented:
I would also make sure to let him know to check the website after updates--if he has add-ons/plug-ins they may not always continue to work with newer updates or version of WP. In most cases they do but it still a worthwhile exercise to verify each page and feature after each update so that in the vent anything is incompatible the host can restore it from a backup--generally they only have them for 14 to 30 days, depending on the host.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.