WordPress security updates for 3.5 and 3.6


WordPress.org recently released a security update for WordPress versions 3.8 and 3.7. More details on the updates can be found at the blog post over at wordpress.org.

As some of our clients have a few sites that are on older versions for WordPress at the moment, we needed to patch those with these security fixes – so we’ve also updated WordPress versions 3.5.2 and 3.6.1 with the same fixes – in particular we wanted to update the problem around authentication cookies which we know is present in 3.6 and 3.5 branches.

How to update

Attached below you’ll find two zip files per version of WordPress.

If you have installed WordPress using SVN, then you should grab the patch file, unzip it and apply it to your site – this will update each changed file with the relevant fixes.

If you uploaded your WordPress install using FTP, then download the Updated Files – this is a directory layout of WordPress with only the directories and updated files in it – you can FTP this to your server and it should only update those changed files.

IMPORTANT: make sure your FTP is not set to delete directories before uploading new ones, as that could mess up your site – you want it set to Merge existing directories. If you are unsure then you can manually upload each file to the relevant directory.

WordPress 3.5.2

Version 3.5.2 Patch File

Version 3.5.2 Updated Files

WordPress 3.6.1

Version 3.6.1 Patch File

Version 3.6.1 Updated Files