Late last night we released an important update to our iThemes Security plugin (both free and premium) that fixes a critical security issue. More details follow below, but the short version of this post is simple: update to 4.6.13 and 1.14.19 (Pro) immediately.
What Did We Fix?
This security issue affects all versions of iThemes Security Pro and all versions of iThemes Security, going back to version 3.0.0 of Better WP Security. This is a serious issue, which is why we immediately set to work on a fix when we were notified of it.
We were notified of this issue by Ole Aass, who waited for us to provide a patch and release an update before publishing his find to the public. We greatly appreciate this type of responsible disclosure.
Updating iThemes Security Pro
If you’re using iThemes Security Pro, you should immediately update to version 1.14.18.
There are three easy ways to update:
- Update now from the Sync Dashboard
- Update directly from the WordPress dashboard for licensed Pro sites
- Download the latest version from the iThemes Member Panel
Forced Automatic Updates for the Free Version of iThemes Security
Because of the severity of the issue, the WordPress.org team put out a forced automatic update for the free version of iThemes Security (many thanks to Dion Hulse). Note: If you are running an older version of iThemes Security, we still strongly recommend updating to the latest version (4.6.13+).
If you didn’t specifically disable automatic updates, your site will auto-update as follows, depending on the version you were running:
- If you were running on 4.6 or higher, you’ll auto-update to 4.6.13
- If you were running on 4.5.*, you’ll auto-update to 4.5.11
- If you were running on 4.4.*, you’ll auto-update to 4.4.24
- If you were running on 4.3.*, you’ll auto-update to 4.3.12
- If you were running on 4.2.*, you’ll auto-update to 4.2.16
- If you were running on 4.1.*, you’ll auto-update to 4.1.6
- If you were running on 4.0.*, you’ll auto-update to 4.0.28
- If you were running on 3.6.*, you’ll auto-update to 3.6.7
- If you were running on 3.5.*, you’ll auto-update to 3.5.7
- If you were running on 3.4.*, you’ll auto-update to 3.4.11
- If you were running on 3.3.*, you’ll auto-update to 3.3.1
- If you were running on 3.2.*, you’ll auto-update to 3.2.8
If your site has not auto updated, please update as soon as possible.
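To confirm that auto-update landed across several sites, the branch list above can be turned into a check. This is an added example, not code from iThemes; it covers only the free plugin, and the function names and sample inventory are constructed. It assumes releases after 4.6.13 keep the fix and reports versions before 3.0.0 as unknown, since this post makes no claim about them.

```python
# Added example: audit free iThemes Security versions against the
# backport list in this post. Names and sample data are constructed.

# Fixed patch level per branch, copied from the list above.
BACKPORTS = {
    (4, 6): 13, (4, 5): 11, (4, 4): 24, (4, 3): 12, (4, 2): 16,
    (4, 1): 6, (4, 0): 28, (3, 6): 7, (3, 5): 7, (3, 4): 11,
    (3, 3): 1, (3, 2): 8,
}
LATEST_FIXED = (4, 6, 13)
FIRST_AFFECTED = (3, 0, 0)  # "back to version 3.0.0 of Better WP Security"


def parse(version):
    """Turn '4.5.3' into (4, 5, 3); missing parts count as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def status(version):
    """Return (state, target): state is 'patched', 'vulnerable' or 'unknown'."""
    try:
        v = parse(version)
    except ValueError:
        return ("unknown", None)      # e.g. '4.6.13-beta' or an empty string
    if v < FIRST_AFFECTED:
        return ("unknown", None)      # the post says nothing before 3.0.0
    if v >= LATEST_FIXED:
        return ("patched", None)      # assumption: later releases keep the fix
    fixed = BACKPORTS.get(v[:2])
    if fixed is None:
        return ("vulnerable", "4.6.13")  # affected branch with no backport listed
    if v[2] >= fixed:
        return ("patched", None)
    return ("vulnerable", f"{v[0]}.{v[1]}.{fixed}")


def audit(inventory):
    """Map each site in a {site: version} inventory to its status."""
    return {site: status(ver) for site, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; in practice, collect versions from each site.
    sample = {"a.example": "4.6.2", "b.example": "4.5.11", "c.example": "3.1.4"}
    for site, (state, target) in audit(sample).items():
        print(site, state, target or "-")
```

A site reported as patched on an older branch has only the backported fix; the post still recommends moving it to 4.6.13+.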