WordPress Security & Plug-in Updates

Wednesday, December 17, 2014 | By atomix

A few weeks ago, a critical security patch for WordPress was released that needed to be implemented immediately.

You can view the original announcement here: https://wordpress.org/news/2014/11/wordpress-4-0-1/

The Threat? WordPress version 4.0 as well as versions 3.9.2 and earlier were affected by a critical cross-site scripting vulnerability, which could allow an anonymous user to compromise your website.

Pretty serious, right? We took immediate action and began prioritising our websites, first upgrading our clients that had a Security Plan, then moving on to those on Support Contracts and finally on to the remaining sites. As well as being the first to be patched, the sites maintained under the Security Plans were quicker and easier to update, as these had been regularly upgraded to the most recent version of WordPress. Whilst our team was busy applying the patch, we sent an email around to our affected clients and informed them of the work we needed to perform.

We worked well into the night to patch our most high-traffic and vulnerable websites.

Fortunately we acted fast, because today it is estimated that over 100,000 WordPress websites have been hacked.

Funnily enough, the recent hacking was due not only to the original security threat but also to a plug-in, Revolution Slider, also known as “RevSlider”. It is a very widely used plug-in (even by us) for banner sliders, which are usually used on the home page.

How did we escape being a part of the 100,000, you ask? Well, we didn’t just stop after patching the immediate security threat; we made sure we upgraded all of the plug-ins too (including RevSlider).

Clients on our Security Plans were already safe when it came to RevSlider, as their sites are regularly updated as part of our ongoing process. Fortunately, however, the severity of the WordPress patch gave us the excuse to upgrade the plug-ins on the websites at the same time.

It’s so important that your website’s software AND plug-ins are updated regularly to avoid being caught up with the out-of-date websites that have recently been hacked by automatic scripts crawling the web.

For more information regarding our Security Plans, please contact us on 08 7127 4881 or email us at hello@atomix.com.au