Title: Version 4.4.13
Author: Subrata Sarkar
Published: February 18, 2019

---

# Version 4.4.13

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#wp--skip-link--target)

On 29 November, 2017, WordPress 4.4.13 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#installation-update-information)󠁿

To download WordPress 4.4.13, update automatically from the Dashboard > Updates 
menu in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#summary)󠁿

From the [WordPress 4.9.1 release post](https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/):
WordPress versions 4.9 and earlier are affected by four security issues which could
potentially be exploited as part of a multi-vector attack. As part of the core team’s
ongoing commitment to security hardening, the following fixes have been implemented
in 4.9.1:

 1. Use a properly generated hash for the `newbloguser` key instead of a determinate
    substring.
 2. Add escaping to the language attributes used on `html` elements.
 3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
 4. Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html`
    capability.

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-4-13/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    wp-admin/about.php
    wp-admin/user-new.php
    wp-includes/feed.php
    wp-includes/functions.php
    wp-includes/general-template.php
    wp-includes/version.php
    wp-includes/wp-db.php
    ```

First published

February 18, 2019

Last updated