Perhaps your previous session is being remembered by the site? Unless you specifically logged out, you may actually still be logged in.
Just cleared the browsercache and history. Closed IE.
Then reopened IE and went to wp-admin. Same result.
See: https://i.imgur.com/5pcCuwX.png
This is normal behavior after an upgrade. The database upgrade is a single button press and fully automated. There is no user input to be performed here, and so it is not a security issue.
If you do the upgrade using the one-click process in WordPress, then you usually do not see this screen because WordPress performs the database upgrade in the same one-click step.
You will see this button when you perform a manual update of the WordPress files, because WordPress has not run the upgrade routines yet. All you have to do is to click the button and let it work. It only takes a few seconds, usually.
There is no user input to be performed here, and so it is not a security issue.
You will see this button when you perform a manual update of the WordPress files
1) I have not done a manual update. I’m doing it automatically.
define( ‘WP_AUTO_UPDATE_CORE’, true );
2) It’s a good thing database updates aren’t updated automatically.
It gives the admin an opportunity to backup beforehand.
3) It’s not a security issue? If anyone can execute the DB update without the admin knowing. There is a chance that it may fail. Leaving the DB in an inconsistent state. This may be exploited by an attacker to get access either to data or unprotected area’s of the site due to the inconsistent DB. I’m not a security expert, but I rather be wrong on this…. Am I?
There is a chance that it may fail.
This depends on the nature of the update.
For 4.4, the database upgrade consists of:
ALTER TABLE wp_options MODIFY option_name VARCHAR(191)
That’s pretty much it. One statement. Success or fail. Just resizing the option_name column from the previous limit of 64 characters.
The 4.4 upgrade process also removes the add_users capability from roles which have it, which is mainly cleanup since that capability is not actually used anymore. Doesn’t matter if the cap is there or not, realistically.
As for “consistency”, the WordPress tables are not relational. Not really. They do interconnect somewhat, but those connections are not strongly enforced. Consistency is not much of an issue.
IMHO it looked very suspicious since I wasn’t logged in as admin.
Thanks for clearing it up.
