The WordPress development team faced a series of missteps when they rolled out an update that rendered it impossible to install new WordPress sites. This flawed update led them to pause the rollout to address the issues, but this created further complications, necessitating an emergency update to resolve all the problems.
## Flawed WordPress 5.5.2 Security Update
The situation began on October 29, 2020, with a routine update designed to address critical security vulnerabilities. WordPress 5.5.2 aimed to prevent issues like Cross Site Request Forgeries, XSS (Cross Site Scripting) attacks, and more.
Unfortunately, this update introduced a bug that caused new WordPress installations to fail. WordPress provided the following explanation for the bug:
> “WordPress 5.5.2 …makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.”
To rectify this, WordPress halted the version 5.5.2 rollout. However, an unintended update began pushing out automatically.
## WordPress Alpha Update Accidentally Pushed Out
As the WordPress team was preparing WordPress 5.5.3 to fix the previous bug, WordPress auto-updates started pushing an update again. Due to the unavailability of Version 5.5.2, the automated system selected an Alpha version of WordPress for installation. This Alpha version was not intended for auto-update distribution.
## What Went Wrong
The development team introduced problems due to the lack of documentation on how to stop a WordPress update. As a result, they halted the update in a manner that allowed the Alpha version to begin rolling out. This issue has been addressed to prevent a recurrence.
An official post detailing the technical aspects stated:
> “…that won’t be done again. Now seems like a good time to document a correct and proper way of ‘stopping’ a release in progress, which honestly had not been attempted before. Stopping a release is actually pretty simple if they had made the correct change, so while their attempt was a reasonable assumption to make, it turned out to be wrong.
>
> The release system is complicated, and trying to do things with it that haven’t been anticipated and documented led to unexpected results. This will be improved through documentation and better code and management of the release system itself.”
## WordPress 5.5.3 Alpha Bugs
The issue with the WordPress Alpha installation was that it introduced additional WordPress themes and installed Akismet. While there is nothing inherently wrong with these themes, publishers must keep them updated to avoid future security risks.
WordPress announced:
> “Earlier today, the auto-update system for WordPress updated some sites from version 5.5.2 to version 5.5.3-alpha. This was due to an error caused by preparations being made for the 5.5.3 release.
>
> The 5.5.3-alpha version at this point was functionally identical to 5.5.2 as no development work had been started on 5.5.3, however, the following changes may have been made:
>
> – The default ‘Twenty’ themes installed as part of the pre-release package.
> – The ‘Akismet’ plugin installed as part of the pre-release package.”
A web page for the Alpha release was published on October 29, 2020, apparently labeled incorrectly as Version 5.4.3. This labeling seemed erroneous since WordPress 5.4 was released in March 2020, and going backwards from WordPress 5.5 to a 5.4 version doesn’t make sense.
The seemingly erroneous 5.4.3 Update Page contains documentation identical to the information published for Version 5.5.2.
## WordPress 5.5.3
The latest update, Version 5.5.3, encompasses all the intended features of version 5.5.2 without the associated problems. WordPress 5.5.3 resolves all the issues introduced in the 5.5.2 version.
WordPress clarified:
> “This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.
>
> If you are not on 5.5.2 or have auto-updates for minor releases disabled, please manually update to the 5.5.3 version by downloading WordPress 5.5.3 or visiting Dashboard → Updates and click ‘Update Now.'”
## Check Your WordPress Installation
Publishers are encouraged to ensure they are updated to Version 5.5.3. Earlier versions contain security vulnerabilities, so updating to the latest version is crucial.
The WordPress 5.5.3 maintenance release includes no apology for the issues, only “thanks and props” to the development team for resolving the problems they introduced.
