WordPress auto updated to previous version as 4.0.13

  • This is the first time ever happened to me and still can’t figure it out how did it happen. Neither I found and reference via Google so posting it here.

    I recently (on August 26th) upgraded from WP 4.5.3 to WP 4.6.
    It was running fine with no trouble.
    But this morning I just saw an email into my mailbox with the subject “Your site has updated to WordPress 4.0.13”. That’s a far older version I had – don’t even remember when.
    Another thing is that auto updater was turned off when this auto update occurred. Following line of of code is in place in wp-config.php

    `define( ‘AUTOMATIC_UPDATER_DISABLED’, true );

    The readme.html file on the host still is the 4.6 version. but the WordPress Admin reports having an older version and prompting to upgrade to 4.6.x.

    View post on imgur.com

    View post on imgur.com

    View post on imgur.com

    • This topic was modified 8 years, 2 months ago by khurramar.
    • This topic was modified 8 years, 2 months ago by Steven Stern (sterndata). Reason: allow embed images by removed img src html
Viewing 7 replies - 1 through 7 (of 7 total)

  • I’ve not come across this myself but maybe an invalid value was accidentally (and temporarily) was left in a file somewhere to cause it to report the wrong version in the emails. The fact that is HAS updated to the correct version is good news.

    As for the variable to prevent auto-updates, this should work. Where in your wp-config did you place it? Also, the quotes in your post above are incorrect – it may just be the forum converting them but are you sure they’re the straight single quotes rather than the angled versions?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Actually a better filter for no updates is add_filter( 'automatic_updater_disabled', '__return_true' ); ??

    Also there’s a possibility your web host force ran the update (those things are overridable after all).

    That email totally matches the 4.0.x format though. Are you sure you’re looking at the right domain? I know I have a lot and it’s easy to forget what’s on what.

    Thread Starter khurramar

    (@khurramar)

    Thank you guys for your kind responses.

    @dartiss Thank you.

    The fact that is HAS updated to the correct version is good news.

    No. The website was not reporting the correct version as it was presenting me to upgrade to a newer version.

    Where in your wp-config did you place it? Also, the quotes in your post above are incorrect

    – wp-config is placed outside the root directory. It’s been there since years.
    – The quotes were perhaps converted in the BB editor in the forums. I can verify the code statement is just according to what is explained in WordPress Codex with straight single quotes.

    @ipstenu (Mika Epstein)
    Thank you. I’ll change the statement as per your suggestion.
    “Host pushing the update” might be an issue but can it trigger an email from within the domain until the update ran from the domain itself?
    And yes! I am sure the email was sent through the effected domain.

    Well. I now have updated to 4.6.1 manually but now I guess the email might just be a glitch and the website was not actually running an older version (as reported in the email) but 4.6 which was causing it to report about an available update of 4.6.1. However I am not sure about a possibility of an email being sent without an actual WordPress update.

    • This reply was modified 8 years, 2 months ago by khurramar.
    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    “Host pushing the update” might be an issue but can it trigger an email from within the domain until the update ran from the domain itself?

    Yes they can. It’s super easy if they have wp-cli. Still easy enough to trigger without when you have root access to a box.

    I would keep an eye on it. Maybe get some file tracking on the server to see if things are being updated weirdly. If you’re super nervous, treat it like a hack and delete all the plugins, themes, and core files and manually reinstall from known safe copies.

    Thread Starter khurramar

    (@khurramar)

    Hello, once again reporting same.

    On January 16th, when I hadn’t updated the the site to WordPress 4.7.1 and was running previous 4.7, I received the same email notifying about “automatic update has gone through” with a slightly later version 4.0.14. First when I started this thread, it was about 4.0.13.

    Well. The automatic update was still off and I manually update the website carefully. I checked the website and it was running fine with an available version 4.7.1 as I mentioned above. I ignored the email as we had the discussion here above and couldn’t find a clue.

    But now when I had time, a night before yesterday, I manually update the website to latest WordPress 4.7.1. All went good. But today morning, I again received an email notification with some other subject as below

    “WordPress 4.7.1 is available. Please update!”

    What? I just updated the website a day before. Anyways I entered the the admin and checked the version. It indeed is running the latest 4.7.1.

    So the question is. What should I do here? Any clue?

    Thread Starter khurramar

    (@khurramar)

    Hello @ipstenu

    This time it really needs attention. Please consider. I am really not sure what is happening. But it looks like that automatic update notifications have a correct sequence as once again I have received a new one.

    Here is the list of notifications I received.
    1- Your site has updated to WordPress 4.0.13
    2- Your site has updated to WordPress 4.0.14
    3- Your site has updated to WordPress 4.0.15

    The last notification I received yesterday even though my website was running WordPress 4.7.1

    This time I am really concerned about it because. Just yesterday evening, this website had a successful hacking attempt. Detailed thread about the hack https://www.ads-software.com/support/topic/wordpress-4-7-1-hacked-by-ng689skw/

    • This reply was modified 7 years, 9 months ago by khurramar.
    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    @khurramar, please remember you aren’t my client or customer.

    I can offer you help when I know the answer and advice and guidance otherwise. I’m not at your beck and call. My reply was four months ago. In no way does that make this an emergency.

    Stop panicking. I know it’s hard, but the more you panic, the harder it is for you to think clearly and debug.

    Check your server’s email logs. Make sure the email actually came from you.

    Flush every single server cache you have. Memcached, opcache, PageSpeed, CloudFlare. If you have a cache PLUGIN remove it for now. Just scrub it all off and reset the cache to zero.

    Treat it like a hack or corrupt file. By which I mean the LOGICAL thing here is to delete the WP core files and reinstall them. Then remove all the plugin files and reinstall them. Ditto theme. DO NOT do this via WP, no, do it by hand. SFTP or command line, but DO NOT USE WORDPRESS. It’s compromised.

    WP 4.7 and 4.7.1 are known to be vulnerable. That’s why you should always update to the latest version. But this is also why you take GOOD backups regularly. If you didn’t upgrade to 4.7.2 (which was 10 days ago) and make sure you were updated, yeah, you left the barn door open.

    Since you were hacked, all these messages are thrown out the window. They could mean nothing or everything, and without server access I can’t tell for sure. No, I won’t, don’t even ASK, I’m not for hire, and I refuse to log in to anyone’s server unless we’re related or they hired me.

    And if you can’t do those things, you need to hire someone. Sucri does have clean up for hire last I checked.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘WordPress auto updated to previous version as 4.0.13’ is closed to new replies.

Tags