A recent vulnerability in WordPress has allowed hackers to attack and deface tens of thousands of sites.
The popular blogging and website content management system (CMS) is used by millions across the world – including ourselves, and many of our customers.
The security flaw was found in an add-on for the blogging software that was introduced in versions released at the end of 2016.
Still not out of the woods
According to a BBC report, security firm Sucuri found and informed WordPress about the ‘severe’ bug on 20th January 2017, but WordPress delayed going public about it to allow hosting firms to update their software to a fixed version.
This patched version of WordPress was released on 26th January 2017, which meant that many websites and blogs automatically applied the update.
But there are still many blogs which haven’t installed the update, leaving them vulnerable to attack.
Mark Maunder, founder of security firm WordFence, said that the vulnerability had created a “feeding frenzy” among hacker groups, with up to 20 different groups trying to take advantage of the situation and mess with vulnerable sites.
What should I do?
Just like your Windows PC, WordPress has updates that need to be regularly installed. If you don’t stay up-to-date with these, you leave yourself vulnerable.
Many of our customers use WordPress and we do that update patching as part of the hosting fees for them.
If you are concerned about the security of your WordPress website or blog, speak to the web designer or your hosting company and make sure you are paying them to do continued updates to your software.