WordPress 4.7.4 Maintenance Release

After almost sixty million downloads of WordPress 4.7, WordPress 4.7.4 is available for download/upgrade.

WordPress 4.7.4 fixes 47 bugs from Version 4.7.3, including an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API.

For a full list of changes, consult the release notes and the list of changes.

WordPress Fatal error: Call to undefined function current_theme_supports()

WordPress

It’s another day and another WordPress error. You might see the following error after some type of update:

Fatal error: Call to undefined function current_theme_supports() in /home/u691482164/public_html/wp-includes/taxonomy.php on line 148

The exact cause is a little murky. The most likely cause for this is while you were updating WordPress or possibly a plugin, the files didn’t get updated correctly. Old files weren’t replaced or the update only partially completed. The good news it that to fix this error, you just need to do the update again. You’ll probably have to manually do the update. So if you were updating WordPress, make sure to update the appropriate files/folders (root, wp-admin, wp-content, wp-includes). But be careful not to delete your theme in wp-content. Definitely back-up your files before you start replacing things. That way you at least have something to go back to if you seriously mess things up.

I hope this helps someone. If you’re still having problems or need help, leave a comment and I’ll try to help. But I also recommend checking on the WordPress Support Forum – lots of super helpful and smart people. And if you already host your own WordPress instance or want to start, check out my list of Best WordPress Hosts.

WordPress 4.7.3 Security and Maintenance Release

There’s another update by the WordPress team. The last update was back in January, so it’s been over a month since the last update. I definitely recommend upgrading as soon as possible. I had not updated my system and hackers were able to compromise my site and publish their own content. It was easy to revert the content, but it was not a great a feeling knowing someone had updated my site without my consent. Details on the update below.

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues:

  1. Cross-site scripting (XSS) via media file metadata.  Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
  2. Control characters can trick redirect URL validation.  Reported by Daniel Chatfield.
  3. Unintended files can be deleted by administrators using the plugin deletion functionality.  Reported by xuliang.
  4. Cross-site scripting (XSS) via video URL in YouTube embeds.  Reported by Marc Montpas.
  5. Cross-site scripting (XSS) via taxonomy term names.  Reported by Delta.
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.  Reported by Sipke Mellema.

In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

PHP Fatal error: Call to undefined function wp_suspend_cache_addition()

WordPress

I encountered another error causing my site to not load and blocking me from logging into the admin console. So if you’re getting the following error in your logs, keep reading to learn how to fix the problem and get your site up and running.

Fatal error: Call to undefined function wp_suspend_cache_addition() in /home/u356894638/public_html/wp-includes/cache.php on line 415

This error is most likely due to a caching plugin – if you’re not sure what that means, check to see if you have one of the following plugins:

  • WP Super Cache
  • W3 Total Cache
  • WP Rocket
  • Any plugin with the word “cache” in it

What probably happened is that the plugin was updated and/or WordPress was updated and is causing this incompatibility. So what do you do? The only guaranteed solution is to disable the plugin until the issue is resolved by the plugin. To disable the plugin, you’ll need to access to your website’s filesystem through your control panel’s file manager, FTP or direct shell access via SSH. Then follow these steps:

  1. Navigate to /wp-content/plugins
  2. Find the directory/folder of the plugin causing the problem
  3. Rename the directory to something else (i.e. badplugin-disabled)

Once you’ve done that, your site should be active again and you should be able to login to the admin panel.

I hope this helps someone. If you’re still having problems or need help, leave a comment and I’ll try to help. But I also recommend checking on the WordPress Support Forum – lots of super helpful and smart people. And if you already host your own WordPress instance or want to start, check out my list of Best WordPress Hosts.

WordPress 4.7.2 Security Update

WordPress

We have an update from the WordPress team and WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. It’s great to see another update addressing some fairly serious security issues. This is a good sign of well-maintained software. Kudos to the team over at WordPress.

WordPress versions 4.7.1 and earlier are affected by three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4 look at more info.7.2.

UpdraftPlus PHP Fatal error: Can’t use function return value in write context

WordPress

If you’re reading this, you probably have a dead site and you’re seeing the following error in your logs:

Fatal error: Can’t use function return value in write context in /home/u356894638/public_html/wp-content/plugins/updraftplus/admin.php on line 3855

This is luckily a known issue and something that can be fixed. Unfortunately, the options to fix this are manual and may require more technical understanding than some people have. You can read through the thread on the WordPress Support Forum or just take a look at your options below:

1) Download this file and save on your computer: https://plugins.svn.wordpress.org/updraftplus/tags/1.12.32/admin try this site.php. Then, using a FTP or the file manager in your web hosting control panel, replace the file wp-content/plugins/updraftplus/admin.php with this file:

OR

2) Using FTP or the file manager in your web hosting control panel, remove the directory wp-content/plugins/updraftplus. You will then be able to log into your admin area. Your front-end site will be down until you do so.

OR

3) Use any remote-control panel product that you have connected your site to (e.g. UpdraftCentral, JetPack Manage, ManageWP, etc.) to update UpdraftPlus.

OR

4) Edit the file wp-content/plugins/updraftplus/admin.php in any tool of your choice, and remove lines 3855-3857, which are:

if (isset($settings['updraft_include_more_path']) || UpdraftPlus_Options::get_updraft_option('updraft_include_more_path')) {
$more_files_path_updated = true;
}

OR

5) Using your web hosting control panel, update your site to use PHP 5.5 or later.

I hope this helps someone – I would highly recommend option #4 if you’re comfortable editing files on your server. Then you’ll be able to update the plugin from within the admin console which will be least risky way to upgrade a plugin.

 

PHP Fatal error: Cannot redeclare get_avatar_url()

WordPress

So my last post explaining how to resolve a WordPress issue got some really positive feedback and clicks, so I figured I would share my latest WordPress issue:

PHP Fatal error: Cannot redeclare get_avatar_url() (previously declared in /home/u356894638/public_html/wp-includes/link-template.php:3798) in /home/u356894638/public_html/wp-content/themes/custom_theme/functions.php on line 1: /home/u356894638/public_html/index.php

And in case you’re wondering if you’re experiencing the same problem I did, I should add that this caused my entire site to go down and be blank. I had to look in my Apache logs to find the error being thrown by WordPress. So now that we have the error and the symptoms of the problem, let’s move on to the answer…

As always, I like to says YMMV (your miles may vary), but I was able to resolve the issue by updating my theme (which I built). I had implemented a custom version of the function get_avatar_url which conflicted with the version built into WordPress core. I simply renamed the function and updated the files that used the function and the error went away.

I hope this helps someone. If you’re still having problems or need help, leave a comment and I’ll try to help. But I also recommend checking on the WordPress Support Forum – lots of super helpful and smart people. And if you already host your own WordPress instance or want to start, check out my list of Best WordPress Hosts.

WordPress 4.7.1 Security and Maintenance Update

WordPress 4.7.1

The WordPress team released a new version of WordPress to address security and maintenance issues. WordPress 4.7.1 addresses 62 bugs and 8 security issues. Because of the security fixes, it’s recommended that you update immediately to avoid someone exploiting the vulnerabilities. WordPress 4.7 was released back in December, so it’s nice to see an update within a month that addresses both security issues and bugs. In case you still need a reason to update your installation, here are the security issues fixed with this release:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  5. Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key. Reported by Jack.

Release notes can be found here. And for instructions on how to upgrade to WordPress 4.7.1, see Updating WordPress.

And lastly, if your site is powered by WordPress, I highly recommend taking a look at our best WordPress hosting providers to see how your hosting provider stacks up. And if you’re looking for hosting, take a look at the list to find the right host for you.

Fatal error: Class ‘WP_Taxonomy’ not found

WordPress

One of the great things about WordPress is that it gets updated frequently and unfortunately, one of the dangerous things about WordPress is that it gets updated frequently and can break things. I recently updated to WordPress 4.7 and got the following error in my Apache logs:

Fatal error: Class ‘WP_Taxonomy’ not found in /home/u356894638/public_html/wp-includes/taxonomy.php on line 384

Actually, I should first mention that my site went down and I got a blank screen, so then I went to investigate my logs. After some searching and stumbling across this support thread on the WordPress support forum, the reason for the error seems to stem from not updating my wp-settings.php file. I manually update WordPress and update only the necessary files to make it easier to roll back if there is a problem but I completely missed updating wp-settings.php. Once I updated the file and restarted my server, everything was back to normal. A fairly simple and painless fix but still something that caused me a bit of grief. I hope this post helps someone having the same problem.

And lastly, if your site is powered by WordPress, I highly recommend taking a look at our best WordPress hosting providers.

Happy New Year

It’s a brand new year, so I want to wish everyone a prosperous 2017. At BuildHack, we want to help small businesses, hobbyists and even startups get online and build their digital presence. It’s not easy to start something new, so we want to be there to help make it as easy as possible. If there’s anything we can do to help, please reach out to us on Twitter. Here’s to an amazing year.