WordPress.org

Ready to get started?Download WordPress

Forums

Automatic WP 3.8.1 update Outraged User (18 posts)

  1. gslabbert5119
    Member
    Posted 6 months ago #

    How is it possible that WordPress can get past all of my brute force security plus my username and password security and update the version of WordPress from 3.8 to 3.8.1

    I received an email stating that my site had been updated, and I specifically put in brute force security as well as password protected my site to prevent any changes without permission.

    Frankly I am outraged, I allow none to do updates to my site without my prior authorization.
    I am concerned that without my backing up my site prior to any update I may start having site issues and my business depends on solely on my site.
    This is a copy of the email I received this morning and I have validated that the version in fact was updated.

    From: wordpress@imagesinafricasafaris.com (which is an email address that does not exist on my domain)

    Howdy! Your site at http://imagesinafricasafaris.com has been updated automatically to WordPress 3.8.1.

    No further action is needed on your part. For more on version 3.8.1, see the About WordPress screen:
    http://imagesinafricasafaris.com/wp-admin/about.php

    If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
    http://wordpress.org/support/

    The WordPress Team

  2. Dave Naylor
    Member
    Posted 6 months ago #

    How is it possible that WordPress can get past all of my brute force security plus my username and password security and update the version of WordPress from 3.8 to 3.8.1

    Auto-updates have been around since 3.7 and were first used in 3.7.1.

    WordPress auto-updated because your webserver process has blanket write access to your entire site. It doesn't matter how much brute force security you have, the state of your installation means that you are allowing this to happen.

    If you don't want it to happen again, have a read of this:

    Guide to disabling auto updates

    then this:

    Permission scheme for WordPress

    Set your file permissions so that only your user account and not the server can write to files in your WordPress root directory and downwards.

    From: wordpress@imagesinafricasafaris.com (which is an email address that does not exist on my domain)

    That's the default email address in a WordPress install. <wordpress> [at] <yourdomain>. It's nothing to worry about. You can change it with a plugin such as:

    http://wordpress.org/plugins/wp-mailfrom-ii/

  3. gslabbert5119
    Member
    Posted 6 months ago #

    Thank you for your reply... Hmm, interesting... I have recently moved my Provider from Inmotionhosting to Hostgator, and with my previous provider updates had to be initiated by me. Seems that I need to have a chat with these guys and I will go through the the Guide to disable auto updates.

    Thanks again

  4. keeperbay
    Member
    Posted 6 months ago #

    There is a known rule throughout WordPress, Don't Update until the storm is over and all the bugs have been worked out.
    There needs to be an option to Disable Auto Update.

  5. keeperbay
    Member
    Posted 6 months ago #

    @gslabber5119, this will probably work for you: http://wordpress.org/plugins/disable-wordpress-updates/

    That way you don't have to pay someone to do it.

  6. Tara
    Member
    Posted 6 months ago #

    @keeperbay:

    There needs to be an option to Disable Auto Update.

    There is that option.
    Please review this codex guide for instructions: http://codex.wordpress.org/Configuring_Automatic_Background_Updates

  7. estarella
    Member
    Posted 6 months ago #

    Hi
    @gslabbert5119 me too. Automatic update and now I can't login to my wp.

  8. leejosepho
    Member
    Posted 6 months ago #

    There is a known rule throughout WordPress, Don't Update until the storm is over and all the bugs have been worked out.
    There needs to be an option to Disable Auto Update.

    I use this in wp-config:

    /** Disable All Automatic Updates */
    define( 'AUTOMATIC_UPDATER_DISABLED', true );
    /** That's all, stop editing! Happy blogging. */
  9. gslabbert5119
    Member
    Posted 6 months ago #

    I contacted my Provider and they added the following to the wp-config.php file

    '/** DISABLE WORDPRESS UPDATES **/
    define( 'AUTOMATIC_UPDATER_DISABLED', true );'
    We will see if that takes care of the Issue.

    Duh, I just realized that this is the exact code that was posted by leejosepho.

    Thanks for the assistance all

  10. estarella
    Member
    Posted 6 months ago #

    Yes, but now, How can I login to my wp network??

  11. gslabbert5119
    Member
    Posted 6 months ago #

    estrella, I do not post here much, but I bet that you will be best served if you post to a new thread that way everyone can find your issue. Responses from new threads are usually excellent from what I have seen, take this thread in point.

  12. estarella
    Member
    Posted 6 months ago #

    ok Thanks!

  13. Gtantra
    Member
    Posted 6 months ago #

    There should be an easier way, like a switch to turn off Auto updates...

  14. gslabbert5119
    Member
    Posted 6 months ago #

    Oh absolutely agreed Gtantra

  15. teryg93
    Member
    Posted 6 months ago #

    Thanks for the post. I thought I had auto updating turned off through my host, but two sites that I have set up that way auto updated yesterday. I just added this code to both sites.

  16. keeperbay
    Member
    Posted 6 months ago #

    The average blogger doesn't know an "if" from an "else", how are they going to disable a possibly crippling automatic update?

    A simple check box would have worked:
    Check if you want to auto update.
    Leave unchecked if you want to manually update like we always have.

    It's really that simple.

  17. stuartmcmillen
    Member
    Posted 6 months ago #

    @keeperbay I agree. This should be an "option" selectable through the WP Settings menu.

  18. Tara
    Member
    Posted 6 months ago #

    @stuartmcmillen:

    This should be an "option" selectable through the WP Settings menu.

    Until then do it as shown in this codex guide: http://codex.wordpress.org/Configuring_Automatic_Background_Updates

Reply

You must log in to post.

About this Topic

Tags

No tags yet.