This has been a big week for security flaws showing up in WordPress, with a number of WordPress vulnerabilities surfacing.
Firstly, we had news that a huge number of plugins were using a feature of WordPress incorrectly because of poor documentation, exposing WordPress sites to script injection hacks. You can get full details here: http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
The plugins in question were big-name ones: plugins that I use on almost every site I build, so this was a BIG issue.
Secondly, WordPress itself released a security patch to close another loophole that had been found. Again, full details are here: http://wptavern.com/wordpress-4-1-2-is-a-critical-security-release-immediate-update-recommended
We spent a lot of time updating and testing sites this week.
I recommend you finish reading this post, back up your site and apply any updates your site needs now.
I Cannot Stress The Importance Of Updating
I recommend that all site owners apply updates to WordPress, plugins and themes as they are made available. The WordPress ecosystem is vast, with a huge combination of plugins, themes and versions of WordPress, so you need to keep everything up to date to keep hackers at bay.
I check client sites daily for updates. Over and above updating, I also harden security on WordPress sites.
My Security Regimen
Here’s what I do to my clients' sites and my own.
- Take daily backups so I can recover in the event of a hack
- Update everything regularly (we check daily on our sites)
- Delete unwanted / unused plugins; just because they are not active does not mean hackers cannot exploit their code
- Install a security monitoring solution to spot hack attempts and send alerts. My current favourite is iThemes Security
- Harden security to stop hackers making changes – again, use iThemes Security to do this
Check Out WP Insure
Yes, this was all a thinly veiled sales pitch for our WP Insure service, which was designed to keep your site up to date and secured. We keep everything up to date, harden security and monitor your site for any issues. Why not take our 30-day free trial to test drive our service?