WordPress Vulnerability

WordPress is the most popular website software in use today by a wide margin, which makes this week's discovery of a major security vulnerability in many of its most popular plugins a substantial concern. This vulnerability, referred to as Cross-Site Scripting (XSS), allows hackers to gain full access and control over your website server. This is most often used to flood spam out through each web server and/or place phishing or malware content, allowing them to use your website hosting for their nefarious purposes.

In recent years, WordPress has become much more secure and hacks have become less frequent. But this vulnerability opens up millions of websites to potential hacking. Indeed, we have recently been engaged by a client to clean their WordPress website, which had continual security vulnerabilities exploited.

How Big Is The Problem?

The vulnerability in this case is not in the core WordPress code itself, but in many of its most popular plugins. A scan of the 400 most popular plugins revealed this vulnerability in over a dozen of them, including All in One SEO, Gravity Forms and WP-E-commerce, just to name a few. Keep in mind that there are over 37,000 plugins available for WordPress and the severity of the problem becomes clear.

What You Should Do

WordPress is scanning its plugins and notifying the developers whose plugins have this security hole. Many plugins have already provided upgrades which fix this vulnerability. This makes it imperative that you upgrade all of your plugins to the most recent version as soon as you are able. Doing this after a hacker has exploited your website will NOT remove their malicious code, so time is of the essence.

Our team is always here to assist should you need or want assistance. Most plugins upgrade simply and easily. But some upgrades can cause site errors and even break your website completely. We recommend you follow our pattern in upgrading:

  1. Make a full copy of your website
  2. Upgrade plugins (or WordPress) on the site copy
  3. Examine the website copy thoroughly to ensure proper functionality following the upgrade
  4. Once assured, launch the upgraded copy of the website live, replacing the existing
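
Steps 1 to 3 of this pattern can be scripted with WP-CLI; the script below is an added example, not code from the original post. Its checksum checks go slightly beyond the listed steps: they flag altered core or plugin files, which an upgrade alone does not clean up. It assumes `wp` and `rsync` are installed and that the copy's `wp-config.php` already points at its own database; the directory and URL arguments are placeholders you supply.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes WP-CLI (`wp`) and rsync,
# and that the copy's wp-config.php already points at its own database.

# Step 1: full copy = files plus database, with URLs rewritten for the copy.
copy_site() {  # usage: copy_site LIVE_DIR COPY_DIR LIVE_URL COPY_URL
    _dump=$(mktemp) || return 1      # mktemp keeps the database dump private
    wp --path="$1" db export "$_dump" &&
        rsync -a --exclude wp-config.php "$1/" "$2/" &&
        wp --path="$2" db import "$_dump" &&
        wp --path="$2" search-replace "$3" "$4" --skip-columns=guid
    _rc=$?
    rm -f "$_dump"
    return "$_rc"
}

# Step 2: upgrade every plugin on the copy only; the live site is untouched.
upgrade_copy() {  # usage: upgrade_copy COPY_DIR
    wp --path="$1" plugin update --all
}

# Step 3 (automated part): print one line per reason the copy is not ready.
# Checksums are compared with the ones published on WordPress.org, so plugins
# that are not hosted there still need a manual review.
launch_blockers() {  # usage: launch_blockers COPY_DIR
    _pending=$(wp --path="$1" plugin list --update=available --field=name)
    for _p in $_pending; do
        echo "outdated: $_p"
    done
    wp --path="$1" core verify-checksums >/dev/null 2>&1 ||
        echo "checksum check failed: core files"
    wp --path="$1" plugin verify-checksums --all >/dev/null 2>&1 ||
        echo "checksum check failed: plugin files"
}

# True only when nothing blocks the launch; the functional check of step 3
# and the launch itself (step 4) stay manual.
ready_to_launch() {
    [ -z "$(launch_blockers "$1")" ]
}

# Run steps 1-3 when called as: script LIVE_DIR COPY_DIR LIVE_URL COPY_URL
if [ "$#" -eq 4 ]; then
    copy_site "$@" && upgrade_copy "$2" && launch_blockers "$2"
fi
```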

Good luck! And don't be afraid to ask for help.