Why to Update to WordPress 4.5 Coleman

What’s new in version 4.5 + what was fixed in WP 4.5.1., 4.5.2. and 4.5.3. releases?

The 4.5 version of WordPress is available with updated features and new improvements. This version got the name Coleman, after the great jazz saxophonist Coleman Hawkins. If you don’t have it yet, you can either download it manually or update it in your dashboard. By doing so, the 4.5 can help you to work on your website more easily and effectively. Let me show you how.

For example, if you want to take a look at your website on the Mobile web, you don’t need your phone for it anymore. That’s because of the Responsive Previews which can be found in the customizer menu. With these, you are able to switch between layout tables and check out your website on different screens of each size.

At the Site Identity settings you can also add a logo to your site, but first make sure that your theme supports it. They have also modified certain parts of the editor to take your writing experience to a next level. When you want to insert a link into your text, a field will appear asking for the URL. It doesn’t matter that the link you insert is on your site on elsewhere on the Internet.

This release contains more formatting shortcuts, so maintaining the flow in your writing won’t be as big of a problem. You can even turn your text into code just by enclosing it in back tips. Instead of clicking on the horizontal line button, type in three dashes and the line will instantly appear. It’s better than to click on it, especially if you want to stick to your keyboard.

Also Read: How to Install WordPress Manually.

All in all, this interface is less distracting and more enjoyable with these useful tools. Let’s take a look at this from another point of view.

They made a few Under the Hood changes

The image compression is increased

It loads images about 50% faster and the quality loss is not noticeable. The compression applied to custom image sizes is now slightly increased. In the WP_Image_Editor there is a default quality which is changed from 90 to 82. As a result, you will get a noticeably smaller file with a really tiny change in its visual quality. If you don’t need this default value, you can simply override it with the wp_editor_set_quality filter.

Improved ImageMagick resizing settings

This improvement is about the reduced file sizes with the new ImageMagick settings. Now you’re able to resize images in WP_Image_Editor_Imagick more efficiently and to use the WP_Image_Editor_Imagick::strip_image() method to remove the extraneous metadata.

They retained a few profiles which can contain orientation and copyright data, including ‘icc’, ‘icm’, ‘xmp’, ‘iptc’ and ‘exif’. If you need the additional metadata, it can also be retained by just adding a callback function that returns ‘false’ to the hook called image_strip_meta.

These changes don’t affect the full sized original pictures.

The new wp_get_upload_dir()

There is a function called wp_upload_dir which returns you an array with the path and URL of the directory you are working with. They improved its performance in the 4.5 and now it has a persistent cache. A function named wp_get_upload_dir() is a brand new one. It uses the front end to display information related to the uploads directory. It’s very useful when you’re creating URLs for your images.

The Selective Refresh feature

This is a customizer related update which adds a feature called Selective Refresh. It basically renders parts of your preview in real time and your code won’t be rewritten from PHP to JavaScript in the meanwhile. Previously it needed a significant amount of time to check out your preview, since that required an entire page reload. Now the changes you make appear much quicker.

So no more laggy previews, no more server- side communication. This feature is based on postMessage transport, which relies on JavaScript. However, they still have some difficulties with it because it works only for simple style or text changes. Nevertheless, it’s a promising start and a lot of improvement is expected in the future.

Better Script Loader

Inline JavaScripts can be added with the function wp_add_inline_script(), similarly like with wp_add_inline_style which is used for adding inline styles. This way you can easily add extra code to a registered script.

Improved Embed Templates

Embeds were introduced to users in WordPress 4.4 and from then on, they were able to embed posts from any WordPress blog. In the 4.5 version they’ve made it even better. You can customize your embed templates by adjusting the embed display to better match your theme. Users can share your website on  social media at any time, so it’s optional to have a good appearance there. It’s a totally new way to load the template and some minor bug fixes were made as well.

JavaScript Libraries Updated

Multiple external JavaScript libraries were updated like Backbone, Migrate, jQuery migrate, jQuery and Underscores. These are considered as major changes because a lot of plugins depend on the mentioned libraries.

The WordPress 4.5.1 Maintenance Release

The main idea of this release was to gather the reports that covered the main issues in WordPress 4.5, and try to find a solution for them. They fixed 12 bugs in this version just two weeks after the previous one was released.

There was a singular class problem with the theme called Twenty Eleven and an Imagick bug was found as well. Imagick was interfering with media uploads, and Twenty Eleven created an icompability between the visual editor and certain versions of Chrome. It’s a site layout problem which appeared when the theme was used with other widgetized themes.

The most significant improvements are:

  • Theme customizer preview issues are now fixed on tablet devices
  • TinyMCE editor is now fixed. The toolbar was unresponsive and froze in Google Chrome
  • An issue resolved with the Emoji skin tone support test, which also appeared in Chrome

The complete list of changes can be checked in great detail in the WordPress 4.5.1 release notes on their site.

Recommended: Essential WordPress Plugins that Every Website Should Use.

WordPress 4.5.2 Security Release

The 4.5.2 release is strongly recommended if you have an older one on your website. This version of WordPress has no bonus features or bug fixes, but it’s a quite important one since it addresses two security issues.

The first one is because of a third-party library called Plupload, which vulnerable by SOME (Same=Origin Method Execution). Its purpose is to upload images and files while you run it on a server. However, this vulnerability only affects your site if you have a WordPress version 4.5.1.

The second issue is a more critical one and it affects all versions from 4.2 to 4.5.1.  MediaElement.js is also a third-party library. It shows a standard video and audio player whenever you embed an audio or video file on your website. They discovered the XSS (Cross – Site Scripting) vulnerability of this library which is a serious problem.

WordPress 4.5.3 Maintenance and Security Release

Update version 4.5.3 is also available as a security release for all past versions so don’t forget to download this one too. As the previous ones, this is also strongly recommended especially if you want to improve your security. The security issues include:

  • Customizer redirect bypass
  • Two cross-site scripting issues through attachment names
  • Information disclosure in revision history
  • Denial of service by oEmbed
  • Category removal from post without authorization
  • Password change through stolen cookie
  • A few sanitize_file_name edge cases which were less secure

The WordPress team received many useful reports lately regarding these issues which were a big help for them to improve. These security flaws are now all fixed in this release. In addition, they have corrected 17 bugs from the previous 4.5.1 and 4.5.2 versions. These are just tiny adjustments and a little optimization for a better user experience, but feel free to check out the release notes at their website if you’re interested in the details. You can find a full list there including each of the bug fixes.

You can be surprised if you don’t update it

Don’t be one of the users who are not a big fan of updating once a new release comes out. Nowadays, almost a quarter of the websites are powered by WordPress. It’s not hard to imagine that some hackers want to figure out certain weaknesses to mess them up.

They install malicious codes in the WordPress header files or elsewhere most of the time. These usually redirect a huge number of users to malware-infested URLs. Mediaelement.js and Plupload were also updated by their own developers, so they can be used in other non-WordPress related tasks while keeping the developer environment safe.

A built-in updater is available in WordPress, so you don’t need to bother with the update manually. You can either use the auto-update or just push the button for triggering manual updates if you want. The point is that most of the time you’re better off downloading the new versions, especially if they are security releases.

Looking for a Good WordPress Hosting Provider?

STOP! BlueHost is the Best Host for WordPress. It has been recommended by WordPress.org since 2005. BlueHost offer top WordPress hosting along with expert support and 30-day money back guarantee.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditPin on Pinterest