Title: Version 3.8.5
Published: May 17, 2019

---

# Version 3.8.5

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#wp--skip-link--target)

On November 20, 2014, [WordPress 4.0.1](https://codex.wordpress.org/Version_4.0.1)
was released to the public and WordPress 3.8.5 was released as an automatic security
update for WordPress 3.8.4.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#installation-update-information)󠁿

To download WordPress 3.8.5, update automatically from the Dashboard > Updates menu
in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#summary)󠁿

From the [announcement post](https://wordpress.org/news/2014/11/wordpress-4-0-1/):

 * Three cross-site scripting issues that a contributor or author could use to compromise
   a site.
 * A cross-site request forgery that could be used to trick a user into changing
   their password.
 * An issue that could lead to a denial of service when passwords are checked.
 * Additional protections for server-side request forgery attacks when WordPress
   makes HTTP requests.
 * An extremely unlikely hash collision could allow a user’s account to be compromised,
   that also required that they haven’t logged in since 2008 (I wish I were kidding).
 * WordPress now invalidates the links in a password reset email if the user remembers
   their password, logs in, and changes their email address.

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-8-5/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    readme.html wp-admin/about.php wp-admin/includes/image.php wp-admin/press-this.php wp-includes/class-phpass.php wp-includes/formatting.php wp-includes/http.php wp-includes/kses.php wp-includes/pluggable.php wp-includes/user.php wp-includes/version.php wp-login.php
    ```

First published

May 17, 2019

Last updated