gerlis
asked on
WordPress update?
My client has reported that he has received a daily email whcih seems to refer to his website (I don't maintain his website). Looks like a Wordpress update, can you confirm. Presume his web maintainer will have to carry this out?
Thanks
From: installer@oneclickinstalle
To: geoffnnnnnnn@nnn.com
Sent: 20/04/2015 07:56:10 GMT Daylight Time
Subj: [OneClick Installer] WordPress plugin Jetpack by WordPress.com 3.4.2 now available
This is an automated email from OneClick Installer. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the OneClick Installer tool, and select the installed applications you wish to modify.
An update to Jetpack by WordPress.com 3.4.2 is now available for the WordPress installations you are managing using OneClick Installer. The following can be updated:
- http://www.geoffreymalone.com/wp
Login to your web hosting control panel and navigate to the OneClick Installer tool to update your installed applications.
End of report.
Thanks
From: installer@oneclickinstalle
To: geoffnnnnnnn@nnn.com
Sent: 20/04/2015 07:56:10 GMT Daylight Time
Subj: [OneClick Installer] WordPress plugin Jetpack by WordPress.com 3.4.2 now available
This is an automated email from OneClick Installer. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the OneClick Installer tool, and select the installed applications you wish to modify.
An update to Jetpack by WordPress.com 3.4.2 is now available for the WordPress installations you are managing using OneClick Installer. The following can be updated:
- http://www.geoffreymalone.com/wp
Login to your web hosting control panel and navigate to the OneClick Installer tool to update your installed applications.
End of report.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Lionel MM
These notification are sent out to let you know if there is a new update. You can go to wordpress.org and see if this is the latest update or not https://wordpress.org/download/. They are still on 3.4 and thsi tells what this update is for https://wordpress.org/news/2012/09/wordpress-3-4-2/. And you can either login into your wp website as an admin and run the update or you can use the update process provided by this hosting company. It is a matter of preference but both will work--usually the avenue provided by the hosting company is made easier as they create the required steps for all their hosting clients and depending on that host may provide support in the event something goes wrong with the update. I have run into issue with getting support from some hosts that will not help if you do it directly through the admin interface on the website directly--have them check with their hosting company. You may want to help them get to version 4 but usually major upgrades like from 3.xx.xx to 4.xx.xx are more prone to issues so make sure you do a backup -- most hosting providers allow for full hosting backups to be run manually.
@lionelmm. That is simply not correct.
The notification is not for upgrading Wordpress. WordPress 4.1.1 is the current version. your link refers to a news item from 2012.
This is for the Jetpack plugin, which is a toolbox (many tools, one plugin) which is a wordpress developed plugin, not a third party product.
The current Jetpack version is 3.4.3, so the user is simply a couple of point versions behind. Not a tragedy unless he is affected by the issue contained in the change log.
@gerlis, please do not tell your user to 'update' to WP 3.4.2
The notification is not for upgrading Wordpress. WordPress 4.1.1 is the current version. your link refers to a news item from 2012.
This is for the Jetpack plugin, which is a toolbox (many tools, one plugin) which is a wordpress developed plugin, not a third party product.
The current Jetpack version is 3.4.3, so the user is simply a couple of point versions behind. Not a tragedy unless he is affected by the issue contained in the change log.
@gerlis, please do not tell your user to 'update' to WP 3.4.2
My bad--shows you easy it is to over-read the details when you see what you think is a common verbiage. A good reminder to pay attention to the details. Apologies
ASKER
Thanks to everyone. My client has now received this email (by the way we never use a greeting of "Howdy" in the UK!). Looks like it has done the update automatically? He has yet to contact his web maintainer.
__________________________
From: wordpress@nnnaaa.com
To: aaannaannana@aaannn.com
Sent: 21/04/2015 17:33:43 GMT Daylight Time
Subj: [Geoffrey Malone] Your site has updated to WordPress 4.1.2
Howdy! Your site at http://www.geoffreymalone.com has been updated automatically to WordPress 4.1.2.
No further action is needed on your part. For more on version 4.1.2, see the About WordPress screen:
http://www.geoffreymalone.com/wp/wp-admin/about.php
If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/
You also have some plugins or themes with updates available. Update them now:
http://www.geoffreymalone.com/wp/wp-admin/
The WordPress Team
__________________________
From: wordpress@nnnaaa.com
To: aaannaannana@aaannn.com
Sent: 21/04/2015 17:33:43 GMT Daylight Time
Subj: [Geoffrey Malone] Your site has updated to WordPress 4.1.2
Howdy! Your site at http://www.geoffreymalone.com has been updated automatically to WordPress 4.1.2.
No further action is needed on your part. For more on version 4.1.2, see the About WordPress screen:
http://www.geoffreymalone.com/wp/wp-admin/about.php
If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/
You also have some plugins or themes with updates available. Update them now:
http://www.geoffreymalone.com/wp/wp-admin/
The WordPress Team
ASKER
This morning he received the following email:
From: installer@oneclickinstalle
To: aaaannn@nnaa.com
Sent: 22/04/2015 08:10:34 GMT Daylight Time
Subj: [OneClick Installer] WordPress 4.1.2 now available (security release)
This is an automated email from OneClick Installer. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the OneClick Installer tool, and select the installed applications you wish to modify.
An update to WordPress 4.1.2 (security release) is now available for the WordPress installations you are managing using OneClick Installer. The following can be updated:
- http://www.geoffreymalone.com/wp
The changes for this version are:
This is a critical security release for all previous versions. Furthermore, a number of plugins released security fixes yesterday. Keep everything updated to stay secure.
WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.
We also fixed three other security issues:
* In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
* In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
* Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.
We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins and Marc-Alexandre Montpas.
Login to your web hosting control panel and navigate to the OneClick Installer tool to update your installed applications.
Regards,
The OneClick Installer Support Team
From: installer@oneclickinstalle
To: aaaannn@nnaa.com
Sent: 22/04/2015 08:10:34 GMT Daylight Time
Subj: [OneClick Installer] WordPress 4.1.2 now available (security release)
This is an automated email from OneClick Installer. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the OneClick Installer tool, and select the installed applications you wish to modify.
An update to WordPress 4.1.2 (security release) is now available for the WordPress installations you are managing using OneClick Installer. The following can be updated:
- http://www.geoffreymalone.com/wp
The changes for this version are:
This is a critical security release for all previous versions. Furthermore, a number of plugins released security fixes yesterday. Keep everything updated to stay secure.
WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.
We also fixed three other security issues:
* In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
* In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
* Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.
We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins and Marc-Alexandre Montpas.
Login to your web hosting control panel and navigate to the OneClick Installer tool to update your installed applications.
Regards,
The OneClick Installer Support Team
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, lionelmm
@ lionelmm No worries happens to me all the time :)
So in summary these are all "convenience mails" to alert the user that is registered on the site of upcoming upgrades or if set to do so auto updates that are being made.
I just wonder why the user would have to contact his web maintainer. These notifications are generated and sent to the email for the admin account on wordpress. He should have a login for this, his web maintainer may have set this up, but as password reset control falls to this email address he should be autonomous to make changes to the notification (with some hand-holding perhaps).
He will still need to update the Jepack plugin in any case, and is likely to get further emails like the original. Plugins are updated regularly. A normal site with 6-8 plugins as standard has 1 update per week, a heavy plugin user has quite a few more, and with wordpress updates usually every plugin will be updated before long.
This means if WP is set to auto update, it is advisable to update your plugins accordingly to keep things running smoothly.
capt.
So in summary these are all "convenience mails" to alert the user that is registered on the site of upcoming upgrades or if set to do so auto updates that are being made.
I just wonder why the user would have to contact his web maintainer. These notifications are generated and sent to the email for the admin account on wordpress. He should have a login for this, his web maintainer may have set this up, but as password reset control falls to this email address he should be autonomous to make changes to the notification (with some hand-holding perhaps).
He will still need to update the Jepack plugin in any case, and is likely to get further emails like the original. Plugins are updated regularly. A normal site with 6-8 plugins as standard has 1 update per week, a heavy plugin user has quite a few more, and with wordpress updates usually every plugin will be updated before long.
This means if WP is set to auto update, it is advisable to update your plugins accordingly to keep things running smoothly.
capt.
ASKER
He is probably unaware that he is the admin email for the WP updates and notifications.
I'll let him know that he will receive other automated messages about updates but can safely assume the updates will be taken care of.
I'll let him know that he will receive other automated messages about updates but can safely assume the updates will be taken care of.
I would also make sure to let him know to check the website after updates--if he has add-ons/plug-ins they may not always continue to work with newer updates or version of WP. In most cases they do but it still a worthwhile exercise to verify each page and feature after each update so that in the vent anything is incompatible the host can restore it from a backup--generally they only have them for 14 to 30 days, depending on the host.