On September 19, WordPress released a new Security and Maintenance Update.
Needless to say: if you are a WordPress website owner, you should update now, if you didn’t already. Also, be sure to backup your website, if you didn’t do it recently!
To Backup your website is always important before installing Core updates. This prevents issues (such as your website becoming broken or unbrowsable) from rising, especially with Plugins, as they may not always be 100% compatible with the new version.
Need help with your WordPress Backup and Update? Contact us!
Cross-site scripting vulnerabilities (XSS), mostly.
This is a short list of the main bugs that have been found and that the 4.8.2 update fixes, along with a brief explanation, where needed:
XSS is a kind of vulnerability used to bypass websites’ access controls.
A path traversal attack (aka directory traversal attack) aims to access files and directories that are stored outside the web root folder.
Through open redirects an attacker may successfully launch a phishing scam and steal user credentials. This can happen by redirecting the victim to links identical to the original site, so to have a more trustworthy appearance.
There are other 7 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.8.2 directly from their website.
We are available to chat with you over these and other WordPress related issues anytime. Contact us!
If you are Administrator of a WordPress website, pay attention!
The security firm SiteLock has reported that WP-Base-SEO, a fake version of the legit WordPress SEO Tools plugin, has infected lots of WordPress websites.
As SiteLock shows, WP-Base-SEO does a very good job in faking legitimacy, providing references to the official WordPress Plugin Database and instructions on how to use the plugin properly.
Still, digging deeper in the main PHP files of the plugin, they found out a base64 eval request. It’s a PHP function very often used for malicious purposes and, as such, its use is disregarded by PHP.net. In this case, it opens up backdoor access to the website.
The security news website Threatpost states that over 4.000 WordPress sites have been infected by WP-Base-SEO. It is likely that the attackers have mass-scanned WordPress websites searching for outdated plugins to target. This is a very common practice.
Just to provide an example, in April, 2016 an outdated version of WordPress RevSlider image slider plugin, was held responsible for 2.5 terabytes data leak that went under the name of “Panama Papers”.
As always:
We at Handyweb have dealt with WordPress Security issues and can help you if you need solutions! Contact us!
WordPress has just released a Security and Maintenance Update.
The 4.7.3 update fixes important secuirity issues that 4.7.2 and previous updates still didn’t manage to fix completely.
Of course they suggest to install the update immediately and. as WordPress users ourselves, we can’t help but strongly suggest you to do that.
So, if your website uses WordPress as a Content Management System (CMS), you should backup your website and update WordPress Core to the latest version.
To backup your website is always important, especially before installing Core updates, so to prevent issues. Also, if your website has Plugins installed, these may not always be 100% compatible with the new version which can lead to your website becoming broken or unbrowsable.
Need help with your WordPress Backup and Update? Contact us!
Being an open source, heavily community-reliant CMS, WordPress updates are usually based on the huge amount of feedback coming from its huge user base (WordPress 4.7 has been downloaded over 17 million times).
This is a short list of the main bugs that the 4.7.3 update fixes, along with a brief explanation, where needed:
There are other 39 maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.7.3 directly from their website.
We are available to chat with you over these and other WordPress-related issues anytime. Contact us!
Today’s headlines show that the Swift payment system has been hacked. This system is used by many leading banks in the world, probably including yours. Perhaps it is a good time to remind yourself of your responsibilities as a website owner: you should always protect your visitors’ data against hackers.
The headlines on the heading picture of this article are all cut from web stories today. There is an increasing level of security breaches even on top brand websites.
For website owners there are two areas to consider, when seeking to keep your website safe from hackers.
Do you have an Ecommerce website? Find out more about how to increase your Ecommerce security.
Your interaction with your online visitors is based of trust. If your website fails in delivering a proper protection for its visitors, building trust in them will be very difficult.
Here are 7 steps you can consider if you want increase your visitors’ trust
One of the easiest ways for hackers to access your website is because your software, like your website CMS, are not up to date. Many CMS such as WordPress often release Security and Maintenance Updates. These updates aim to close off the loopholes in security found in the previous versions.
More about why you should always keep your software up to date.