New WordPress Vulnerability Alert


Joseph Pennington

WordPress users have been troubled by an array of plugin vulnerabilities over recent months. There has even been a warning released by the FBI to make users aware of attacks specially designed to exploit WordPress websites. And now,

The plugin is essentially a lead-generation system that lets users monitor and test their calls to action through A/B or multivariate split testing.

The risk level is rated ‘medium’ and High-Tech Bridge said there will be more details on the issue towards the end of this month., during talks with the web security company, found out that the vulnerabilities could open the back door into more than 10,000 WordPress websites and allow hackers to execute code and steal personal data.

The plugin developer has been notified of the findings, and it is believed that versions 2.4.3 and prior are vulnerable to the attack. The latest version of the plugin is 2.5.0.

Due to the presence of such vulnerabilities and our keen approach towards optimum security, we’ve put together a list of our top five things you can do to keep your website safe.

  1. Update, Update, Update

There’s a reason why plugin updates are released so often: they contain patches and bug fixes that address either real or potential vulnerabilities.

When it comes to updating WordPress itself, the message is even more crucial. Hackers intentionally target older versions of WordPress to try and exploit known security issues. Luckily, you can stay one step ahead of them by ensuring you act on any ‘Please update now’ notifications!

  2. Keep a Backup

Many of us know the heartache that comes with realising you have lost a bunch of files without having taken those precious few minutes to make backups.

To find out how to back up your site, you can find step-by-step instructions on the WordPress Codex, but if you would prefer to have the helping hand of a plugin, we recommend using WordPress Backup to Dropbox to schedule regular automatic backups.

  3. Strengthen Your Passwords

Nearly 10% of hacked WordPress websites are down to one thing: a weak password.

It goes without saying that passwords such as ‘abc123’, ‘password’, or ‘letmein’ are a no-no; the best passwords combine two or more things which are personal to you, and use lowercase and uppercase letters, symbols, and numbers. The more complex the better; you can always use a password manager like LastPass to help with remembering them.

  4. Disable Dashboard File Editing

For anyone who has—or manages to gain—access to your WordPress dashboard, it is relatively easy to navigate to Appearance > Editor and mess with the theme files.

To prevent an attacker from doing this and executing a piece of malicious code, you can disable file editing from the dashboard by adding the following to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );
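To confirm the setting actually took effect, the following added example (not part of the original post) checks the text of a wp-config.php for a working DISALLOW_FILE_EDIT definition, including the case where the line was pasted with typographic quotes. The function name `file_edit_status` and the sample configs are constructed for illustration.

```python
import re

# Typographic quotes, as produced when the line is copied from a rich-text page.
# PHP does not treat them as string delimiters, so the constant is never set
# under the intended name.
CURLY = "\u2018\u2019\u201c\u201d"

_COMMENTS = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")   # group 1: string literal, kept
        |/\*.*?\*/|//[^\n]*|\#[^\n]*            # PHP comments, dropped""",
    re.S | re.X)

_DEFINE = re.compile(
    r"(?i:define)\s*\(\s*(['\"%s])DISALLOW_FILE_EDIT['\"%s]\s*,\s*([^)]+?)\s*\)"
    % (CURLY, CURLY))


def file_edit_status(wp_config_source):
    """Classify a wp-config.php text as 'hardened', 'disabled',
    'curly-quotes' or 'missing' with respect to DISALLOW_FILE_EDIT."""
    # Drop comments first so a commented-out define() is not counted.
    code = _COMMENTS.sub(lambda m: m.group(1) or "", wp_config_source)
    saw_curly = False
    for quote, value in _DEFINE.findall(code):
        if quote in CURLY:
            saw_curly = True          # looks right to a human, does nothing
            continue
        # The first real definition of a PHP constant is the one that counts.
        return "hardened" if value.lower() in ("true", "1") else "disabled"
    return "curly-quotes" if saw_curly else "missing"


# Constructed sample configs (not taken from any real site).
SAMPLES = {
    "pasted with curly quotes": "<?php\ndefine( \u2018DISALLOW_FILE_EDIT\u2019, true );\n",
    "correct": "<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n",
    "commented out": "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n",
    "explicitly off": "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n",
}

if __name__ == "__main__":
    for label, source in SAMPLES.items():
        print(f"{label:28s} -> {file_edit_status(source)}")
```

Anything other than `hardened` means the theme and plugin editors are still reachable from the dashboard.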

  5. Use Security Plugins

It wouldn’t be fair not to mention some of the plugins out there that can work wonders for enhancing your site’s security, and all with just a click of the mouse.

Here are a few of the most popular and most trusted options:

  • iThemes Security (formerly Better WP Security), #1 WordPress Security Plugin

  • All in One WP Security and Firewall

  • Sucuri Security – Auditing, Malware Scanner and Security Hardening
