Last month we released an authenticated remote code execution (RCE) vulnerability in WordPress 5.0. This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution on any WordPress installation prior to version 5.1.1.
I decided to allow WordPress to upgrade itself to the latest version. I just go into it to do the plugins.
My two WordPress servers are now on Ubuntu 18.04.2. I have upgraded to the latest LAMP components that you are read about on Ubuntu pages. I am on the latest version of WordPress. This mainly affects my main webpage with videos of my children. These files can be huge.
The ServerAlias is the old www address. The redirect points to the new SSL server address. The redirect is much faster now since it happens in the website itself.
Both WordPress servers have been duplicated and moved to Ubuntu 18.04.2 and latest components. I then upgrade Ubuntu with LTS Enablement for the kernel updates.
I add the repository for Digital Ocean MariaDB, PHP 7.3.x, Apache 2.4.x. I install phpMyAdmin’s latest version after installing the base product in Ubuntu. phpMyAdmin is a quick way to create the WordPress databases and user for each web site. I have pages dediicated for each of these. I copy in The Hacker News bug reports on all the components I use. It is best to stay on the latest components for WordPress.