Update your WordPress

Discussion in 'WordPress Security' started by Jake, Oct 2, 2016.

  1. Jake

    If you own a website and it is one of the ~75 million that uses the WordPress CMS (Content Management System) then it’s important that you read this message.

    WordPress has released an updated version, WordPress version 4.2.3, as of July 23, 2015, that includes a fix for an XSS (Cross-Site Scripting) vulnerability.

    The compromise allows users who have Contributor or Author access to add JavaScript to the site using special shortcodes. Usually, only Editors and Administrators have access to do so. Abusers of the flaw can add JavaScript to your site and do all kinds of malicious things such as infecting website users’ computers with malware or stealing cookie information.

    Attackers will need a way to log in to the site with at least contributor privileges, which affords you some level of protection; however, it is better to close up any holes in your site that leave it vulnerable than to hope they won’t get in.

    Criminal enterprises use expansive networks of compromised computers, called botnets, to send spam and spread malware and are always looking for more victims.

    Vulnerabilities in the most popular web platforms like WordPress and Drupal provide easy access to hundreds of millions of websites at a time using automated tools that identify websites with the vulnerability and then attack them.

    What’s scary is once these vulnerabilities are identified in these web-based platforms, they can get automated attacks up quickly and do damage before most users would even know there is a problem.

    Back in October 2014, the Drupal security team reported a critical vulnerability had been identified and within three hours automated attacks started appearing. Two weeks later they announced to users that if their site hadn’t been patched within seven hours of the original announcement, they should assume that their site had been compromised.

    The rule of thumb with WordPress, and should be for any CMS users out there, is always run the latest version of the software. WordPress released their first version, version 3.7, back in October 2013, that has automatic security updates, but users of Drupal are still waiting for something similar.

    If your site doesn’t have auto-updates enabled, you can easily change that by logging in, going to Dashboard then to Updates and clicking on “Update Now” or also by downloading a copy of the software and installing it yourself.
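
A check for the two things the post above asks site owners to look at, added here as an example and not part of the original post: whether the installed core is older than 4.2.3 and whether background core updates have been switched off. It assumes the standard WordPress layout (`wp-includes/version.php`, `wp-config.php`) and the `AUTOMATIC_UPDATER_DISABLED` / `WP_AUTO_UPDATE_CORE` constants; the function names and the sample file contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 2, 3)  # release the post names as carrying the XSS fix

def parse_wp_version(version_php):
    """Return $wp_version from wp-includes/version.php text as a 3-tuple, or None."""
    m = re.search(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", version_php, re.M)
    if not m:
        return None
    # Drop suffixes such as "-beta1" and pad "4.3" to (4, 3, 0).
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def auto_updates_disabled(wp_config):
    """True if wp-config.php text switches off background core updates."""
    code = re.sub(r"/\*.*?\*/", "", wp_config, flags=re.S)  # drop block comments
    code = "\n".join(l for l in code.splitlines()
                     if not l.lstrip().startswith(("//", "#")))  # drop line comments

    def value_of(name):
        m = re.search(r"define\s*\(\s*['\"]" + name + r"['\"]\s*,\s*([^)]+?)\s*\)", code)
        return m.group(1).strip("'\" ").lower() if m else None

    return (value_of("AUTOMATIC_UPDATER_DISABLED") == "true"
            or value_of("WP_AUTO_UPDATE_CORE") == "false")

def audit(site_root):
    """Return a list of findings for one WordPress document root."""
    root, findings = Path(site_root), []
    vfile, cfg = root / "wp-includes" / "version.php", root / "wp-config.php"
    version = parse_wp_version(vfile.read_text(errors="replace")) if vfile.is_file() else None
    if version is None:
        findings.append("core version could not be determined")
    elif version < FIXED:
        findings.append("core %d.%d.%d is older than %d.%d.%d" % (version + FIXED))
    if cfg.is_file() and auto_updates_disabled(cfg.read_text(errors="replace")):
        findings.append("automatic core updates are disabled in wp-config.php")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample site, not real data
        (Path(d) / "wp-includes").mkdir()
        (Path(d) / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '4.2.2';\n")
        (Path(d) / "wp-config.php").write_text("<?php\ndefine( 'WP_AUTO_UPDATE_CORE', false );\n")
        for finding in audit(d):
            print(finding)
```

The comparison is purely numeric against 4.2.3, so any lower version number is flagged.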
     
  2. Taylor

    I think that updating the site is super important. I mean that way you're able to make sure that everything is running smoothly, but then it will be harder for people to hack.
     
