Tuesday, January 22, 2019

For security reasons, it seems necessary to go to Wordpress 5.0.3 now; it worked for me



I did convert my three remaining Wordpress sites to 5.0.3 last night.  I left the Gutenberg editor in place without backfilling the Classic plugin and had no problems this time adding a new post.  The paragraph block icon does seem to copy from Word as text.

I did have to go into text mode to add a video (don’t know why it didn’t embed automatically) and to add an Amazon ad poster embed.

Previously, in mid December, I couldn’t get the new page to come up without the classic plugin.  This time it worked.


You have to give it a little time for the category list to come up.

I had gotten a warning of an app SQL inject violation on the monthly app scan for one of the sites (the tautology always true “If a = a” or the “Atlas Shrugged” SQL exploit.  The site had 4.9.9.  It appears that now all 4.9.9 sites should be upgraded to 5.0.3 immediately to prevent this possibility.  A new WP install should eliminate the violation.

The first time I clicked onto “upgrade” I got a 405 Forbidden.  I logged out of the control panel, logged back in, and tried again and it worked.  Perhaps Automattic was overloaded with too many people doing this at once.
  
 It seems important to keep Wordpress and Jetpack upgraded to the latest versions to minimize security exposures.



Update:  Jan. 24 

Today I found that Gutenberg would not load when I went to a post.  It acted like it had been deactivated.  I had to install and activate the Classic plugin to post.  I put in a tweet to Wordpress support. 

No comments: