So, all of my sites say they are up to date, but with my Wordfence extension I am able to see “Security Issues Detected”. When clicking on more details, I see:
WordPress is not up to date.
Checks if WP is up to date. You have to change this yourself.
Back in the Sites tab, I don’t see anywhere that I can view the WP versions of my child sites, and since MainWP thinks they are all up-to-date, I’m not sure how to proceed.
I would start to check som individual sites where you can find the WP version in the Site Info widget. If it shows a version before WP 6.1.1, check it on the client site’s own dashboard. Which version is shown there? If there are older versions active, maybe the PHP version is too old to update WP core or updates are blocked.
The issue you are referring to seems to be a notification of MainWP Dashboard, not from Wordfence.
Got it… Looks like you’re right about this having nothing to do with Wordfence. So, I checked a few of the sites and that Site Info box was just what I was hoping to find. I do see in there, for the sites that aren’t up to date, a WordPress version 42. If I go to the site, I see they are on version 6.0.3 and PHP 7.4. I think I read recently that 7.4 is no longer supported so I will update them to 8 and hope nothing breaks. After that I’ll see if MainWP is able to update them remotely.
WordPress 42 is a non-existing version, so that’s strange. PHP 7.4 is fine, so that could not be the issue. I think something is blocking the updates. I haven’t seen this happen before. Are you using a plugin on the child sites that try to hide WordPress or block updates?
I bet it’s related to the “Block wp-version” security setting in my GridPane site dashboard. I just went ahead and updated all of the sites to PHP 8 and upgraded to the latest version of WP manually. Everything looks good on the front-end so I’ll just be sure to keep an eye on them when new core versions are released.
Hiding a WP version is no security measure. It could only be a very little bit useful if you are forced to run an old version, but hackers won’t check the version, they just fire their payload and find out if it works.
So you can safely disable it and check if updates work again. If so, that “security” setting is actually creating security issues (by not seeing updates).
Good point. I just disabled that feature on one site, tested, and now I see the correct version in my MainWP dashboard. I’m going to make sure to turn that off for the rest of my sites. Thanks again for your help! It is much appreciated.