At AWESEM we take website security extremely seriously and have blogged many times in the past about the importance of keeping your website updated to protect against any known vulnerabilities in your WordPress theme or plugins.
There have been a number of vulnerabilities flagged recently, which should serve as a sobering reminder to keep your plugins up to date on a regular basis. Not only will these updates keep your website safe, they’ll also fix known issues and boost performance.
The WPScan Vulnerability Database is a hugely valuable resource for identifying and staying up to date with any new vulnerabilities that have been determined by online security experts. To make it simple to stay educated about any potential security issues you can even sign up for free alerts so you never miss a notification.
A sample of the recent vulnerabilities you should be aware of are:
All In One WP Security & Firewall <= 4.4.1 – Open Redirect & Hidden Login Page Exposure
Export Users to CSV < 1.4 – Unauthorised CSV Access
Download Plugins and Themes from Dashboard <= 1.5.0 – Unauthenticated Stored XSS
WordPress <= 5.2.2 – Cross-Site Scripting (XSS) in URL Sanitisation
WordPress 5.0-5.2.2 – Authenticated Stored XSS in Shortcode Previews
WP Engine recently debuted their automated plugin updates tool with interesting new visual recognition technology, which they describe as follows:
Smart Plugin Manager is a WP Engine feature that keeps your environments secure by automatically updating all of your WordPress plugins to ensure that they’re always up-to-date. Additionally, Smart Plugin Manager will check to ensure that the updates are working as expected, and that the update did not cause any visual problems on your site.
At AWESEM we offer monthly, quarterly or bi-annual update packages so you can rest safe in the knowledge that your site is fully updated on a regular basis. Our packages cover both core and plugin updates and all updates are tested first on a staging site to ensure there are no interruptions to your live website. We also offer a malware clean up service if you suspect or know of any hacking activity. For more information about these packages please don’t hesitate to contact us today for a quote.
