WordPress 4.7.1 Released to Fix 8 Security Issues and 61 Bugs

WordPress 4.7.1 Security Release Version

WordPress version 4.7.1 has been just released pushing out fixes to several security issues. The security and maintenance release comes nearly after a month of major release of WordPress version 4.7 in December last year.

WordPress 4.7.1 fixes eight security issues that were reported after the release of the major version in December 2016. The version also fixes over sixty bugs from the previous version 4.7.

Users are advised to update to the latest version of WordPress 4.7.1 as soon as possible.

Updating to WordPress version 4.7.1

If your WordPress host supports it, your website should be updated automatically to WordPress 4.7.1.

But if your website wasn’t automatically updated or failed to update, here’re few steps that you should go through to install the latest update. It should only take you few moments for you to update to the latest version.

Head over to the Updates from your Dashboard Menu and you should see a notification for the latest WordPress version.

WordPress version 4.7.1 Update

Click on Update Now to update automatically to WordPress version 4.7.1.

Once the update process is complete, you should see a welcome message to WordPress 4.7.1.

WordPress 4.7.1 Update

The WordPress Team has also started notifying all the users whose site weren’t updated automatically to the latest version. Look for an email from the team, if your site wasn’t updated automatically.

WordPress 4.7.1 Update Email

You should also see a notification on your WordPress dashboard saying “an automated WordPress update has failed to complete”.

Notification WordPress Dashboard Update Fail

In most cases, your website should be updated automatically to 4.7.1 and you should receive an email from your host regarding the update.

You will need to review your website and make sure there are no problems after the automatic upgrade. Depending on the hosting service you use, you should be able to revert your website to the version before upgrade if you experience any issues.

WordPress version 4.7.1 Security Fixes

The security release post on WordPress news blog highlights security issues that affect WordPress 4.7 and all of the previous versions of the software.

Here’s the list of all the eight security issues as listed on WordPress codex for 4.7.1 update.

  • PHPMailer update fixing Remote code execution (RCE) – WordPress uses PHPMailer library as the basis for its email functionality.
  • The REST API issue that exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
  • Cross-site scripting (XSS) via the plugin name or version header on update-core.php.
  • Cross-site request forgery (CSRF) bypass via uploading a Flash file.
  • Cross-site scripting (XSS) via theme name fallback.
  • Post via email checks mail.example.com if default settings aren’t changed.
  • A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
  • Weak cryptographic security for multisite activation key.

WordPress version 4.7.1 Bug Fixes

The WordPress 4.7.1 version also fixes 61 bugs from the previously released WordPress 4.7 version.

The update includes fixes to the bundled theme, Comments, Customizer, Editor, HTTP API, Media, and Rest API among others. You can see the complete list of bug fixes on the codex page for 4.7.1 update

Twenty Seventeen Theme Update

The default WordPress theme for the year 2017, Twenty Seventeen has also been updated to version 1.1. The theme is updated with several fixes including right $content_width, and fixing the problem of displaying featured image on single template.

If you have the Twenty Seventeen theme installed on your website, it should now be available to update automatically from your updates dashboard under Themes.

Dashboard > Updates (See Themes Section)

Twenty Seventeen Theme Update

The release for 4.7.1 will be led by Aaron D. Campbell and the security issues were reported by WordPress users from the WordPress Security Team and the broader WordPress community.

WordPress 4.7 has been downloaded over 13 million times since its release in December last year.

Have you updated to WordPress 4.7.1 yet?

Pradeep Singh

Pradeep Singh

Pradeep Singh is the founder and your host here at WPism. He is an entrepreneur and blogger living his startup life based in London and Cambridge. Follow him on Twitter or like his page on Facebook.
Share on facebook
Share on twitter
Share on reddit
Share on linkedin
Share on email

One Response

  1. Could someone please tell me how to fix my Genesis Sample theme after the wp 4.7 update? The layout is now backwards: sidebar/content instead of content/sidebar in desktop view. And sidebar widgets now have no border around them, just bleed into main content area.

Leave a Reply

Your email address will not be published. Required fields are marked *

Join our list

Black Friday Deals

Our Exclusive Deals

Share this post

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Help us share this post with your network?
Share on facebook
Share on twitter
Share on linkedin
Share on email
Want to keep updated with WordPress?

Join our monthly newsletter to receive best curated WordPress resources.

Want to keep updated with WordPress? Join our monthly newsletter.