WordPress 3.7 released – complete with automatic security updates!

Graham Cluley

WordPress.org has announced WordPress 3.7 – a new version of its blogging and content management software.

The software, dubbed “Basie” in honor of American jazz pianist Count Basie (previous versions have included “Oscar”, “Getz”, “Ella”, “Coltrane”… WordPress.org clearly loves its jazz), comes with some significant enhancements in terms of security.

Best guesstimates reckon that WordPress-powered websites account for some 20% of the sites on the internet – which makes any advancements with its security incredibly significant for the protection of the web.

After all, with so many websites running the same software any exploitable vulnerabilities become very attractive to malicious hackers – who might be interested in compromising sites en masse to spread malware or create a botnet.

From the security point of view, here’s how the new features in WordPress 3.7 are described:

Updates while you sleep: With WordPress 3.7, you don’t have to lift a finger to apply maintenance and security updates. Most sites are now able to automatically apply these updates in the background. The update process also has been made even more reliable and secure, with dozens of new checks and safeguards.

Stronger password recommendations: Your password is your site’s first line of defense. It’s best to create passwords that are complex, long, and unique. To that end, our password meter has been updated in WordPress 3.7 to recognize common mistakes that can weaken your password: dates, names, keyboard patterns (123456789), and even pop culture references.

Obviously anything which encourages stronger, harder-to-crack passwords is a positive step – but the more interesting feature for me is automatic updating of maintenance and security updates.

Statistics from W3Techs reveal that an alarming percentage of sites are still running out-of-date versions of the software, which contain known vulnerabilities.

Despite all the publicity about WordPress security flaws, many sites are still running vulnerable versions of the software on their sites, potentially putting themselves – and the internet users who visit them – at risk.

If administrators upgrade their websites to use WordPress 3.7, then they can avoid some of the donkey-work involved in keeping their website software current. Future maintenance updates and security fixes should be automatically rolled out.

There’s also an option to enable automatic updates for plugins and theme skins – good from the security point of view, but typically website administrators like to be cautious, checking that updated plugins written by third parties don’t cause conflicts or have unexpected consequences on their sites.

Automatic updates aren’t for everyone, of course, and some more hands-on website administrators will feel happier disabling the functionality.
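
A cautious middle ground between "everything automatic" and "everything manual" can be expressed with the background updater's filters. This is an added example, not code from WordPress.org or from the original article; the file name and the plugin slugs in the allowlist are placeholders.

```php
<?php
/**
 * Added example: an auto-update policy as a must-use plugin.
 * Assumed location: wp-content/mu-plugins/auto-update-policy.php
 * (the file name is hypothetical).
 *
 * Administrators who want no background updates at all can instead set
 * the kill switch in wp-config.php:
 *   define( 'AUTOMATIC_UPDATER_DISABLED', true );
 */

// Core: keep maintenance and security (minor) releases automatic,
// but hold major releases and development builds for manual review.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_false' );
add_filter( 'allow_dev_auto_core_updates', '__return_false' );

/**
 * Plugins: auto-update only an explicit allowlist of plugins that have
 * been tested on this site; everything else waits for a manual update.
 *
 * @param bool   $update Whether the updater currently intends to update.
 * @param object $item   Update offer; for plugins it carries the slug.
 * @return bool
 */
function example_auto_update_allowlisted_plugins( $update, $item ) {
    // Placeholder slugs: replace with the plugins you have vetted.
    $allowlist = array( 'example-plugin-one', 'example-plugin-two' );

    if ( isset( $item->slug ) && in_array( $item->slug, $allowlist, true ) ) {
        return true;
    }
    return false;
}
add_filter( 'auto_update_plugin', 'example_auto_update_allowlisted_plugins', 10, 2 );

// Themes: never update in the background, so customised themes are not
// changed without review.
add_filter( 'auto_update_theme', '__return_false' );
```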

I have no doubt, however, that WordPress.org is going to do more work in this area – making the system more reliable, and pushing hard to make updates an even more seamless and safer process for website owners in future.

If you run a WordPress-powered website, check today which version you are running – and upgrade to version 3.7 if you can.

Note: Sites running self-hosted versions of WordPress from WordPress.org are different from the many millions of blogs which run on WordPress.com. WordPress.com, run by Automattic, manages the installation of WordPress for you, and looks after security on your behalf.

Although there are some limitations on what website owners can do on WordPress.com, they can always be sure that they are running the latest version of WordPress.

Don’t worry if you’re confused. It’s kinda crazy, in my opinion, that the names are so similar.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “WordPress 3.7 released – complete with automatic security updates!”

  1. Paul G.

    Hey Graham, I thought you might be interested, and perhaps
    your readers, in a recent addition we've made to our
    WordPress Simple Firewall plugin. You can now fully tweak and
    customize how the WordPress automatic updater works with a few
    simple check boxes. We'll be adding more later, like the
    ability to set which plugins and themes are automatically updated,
    for example. You can find it on the WordPress Simple Firewall on
    the WordPress.org repository:
    http://wordpress.org/plugins/wp-simple-firewall/ Hope you like! :)
    Paul.
