2 days ago, WordPress released what they called a “critical security release” for all previous versions. This new release patches a vulnerability that was found in the commenting of WordPress which would allow a potential hacker access to your site.
This comes on the heels of several other vulnerabilities found in a whole list of popular plugins. They known plugins are below:
- Jet Pack (Many hosts preinstall this plugin for you!)
- All In one SEO
- WordPress SEO
- Google Analytics by Yoast
- Ninja Forms
- Revolutions Slider (This plugin comes prepackaged with a lot of premade themes so you may not be aware that you are using it. It’s security flaw was released earlier in the year, but is quite nasty and still prevalent.)
- WP-E-Commerce
- Gravity Forms
- Broken-Link-Checker
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WPTouch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Multiple iThemes products including Builder and Exchange
The vulnerability uses a WordPress function to access your site. While security teams checked the majority of the popular plugins, they were not able to check all. Likely this list is not exhaustive.
What can you do?
1. Update All Plugins. If you are running any of these plugins, update immediately. In fact, you should update all plugins whether they are on this list or not. You can do so within your WordPress backend under the tab called “Plugins -> Installed Plugins”. Any plugin that is not a custom plugin should be updated.
Note: If you have done any SEO on your site, you are likely running Yoast and All in One SEO. They are the two most popular SEO plugins. If your site is hosted on the KL Creative servers, these plugins have already been updated for you (by your friendly WP elves).
2. Update WordPress
You should also update to the newest version of WordPress. To find out if you are running the newest version of WordPress, click on “Dashboard” on the top left navigation. All the way on the bottom right corner of the page it will tell you your version number. The most current release is 4.2.1. If you are not running 4.2.1, you should receive a notice along the top asking you to update. If you do not, but the version number is still wrong, give us a call and we will take a look for you for free.
If you have any questions about the updating process, give us a call and we would be happy to take a look for you.
More Info…
