Today the folks at Sucuri announced that over 300 popular WordPress plugins had a security flaw that could allow a website to get hacked in certain situations. It is critical that you update your WordPress plugins immediately.
The affected plugins include:
- WordPress SEO
- Google Analytics by Yoast
- All in One SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
Update Your Plugins Right Now
The good news is that all of the plugins in the above list, and many of the other vulnerable plugins, have already fixed the security flaw. So do not pass go. Do not collect $200. Log into your website right now and update all your plugins.
How to Update Your Plugins
1. Log into your WordPress Dashboard (usually at example.com/wp-admin)
2. Click “Plugins” in the left-hand menu.
3. Click “Update Available” in the menu along the top. This will give you a list of plugins with updates.
4. Click “Update Now” under the name of the plugin you want to update.
5. Click “back” in your browser and repeat Step #4 for each plugin.
That’s it! All the plugins on your site are up to date. As a general rule, you want to keep all of your plugins up to date.
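For sites managed from the command line, the same check can be scripted. This added example (not from the original post) parses the JSON that WP-CLI's `wp plugin list --format=json` prints and lists the plugins with an update waiting, putting the ones named above first; the slugs and the sample data are assumptions constructed for illustration.

```python
import json

# Assumed wordpress.org slugs for plugins named in the list above; verify
# them against your own install (premium plugins may use other folder names).
NAMED_ABOVE = {
    "wordpress-seo", "google-analytics-for-wordpress", "all-in-one-seo-pack",
    "gravityforms", "easy-digital-downloads", "download-monitor",
    "related-posts-for-wp", "my-calendar", "p3-profiler", "ninja-forms",
}

# Constructed sample of `wp plugin list --format=json` output (not real data;
# "example-gallery" is a made-up plugin and the versions are placeholders).
SAMPLE = """[
  {"name": "wordpress-seo", "status": "active", "update": "available", "version": "0.0.1"},
  {"name": "ninja-forms", "status": "inactive", "update": "available", "version": "0.0.1"},
  {"name": "example-gallery", "status": "active", "update": "available", "version": "0.0.1"},
  {"name": "my-calendar", "status": "active", "update": "none", "version": "0.0.2"}
]"""


def pending_updates(plugin_list_json):
    """Split plugins that have an update waiting into (named_above, others)."""
    named, others = [], []
    for plugin in json.loads(plugin_list_json):
        if plugin.get("update") != "available":
            continue  # already current
        # Inactive plugins are kept: the advice is to update every plugin.
        bucket = named if plugin["name"] in NAMED_ABOVE else others
        bucket.append(plugin["name"])
    return sorted(named), sorted(others)


def update_commands(plugin_list_json):
    """Build one `wp plugin update <slug>` command per plugin, named ones first."""
    named, others = pending_updates(plugin_list_json)
    return ["wp plugin update " + slug for slug in named + others]


if __name__ == "__main__":
    for command in update_commands(SAMPLE):
        print(command)
```

On a live site, pass the text printed by `wp plugin list --format=json` to `pending_updates` in place of `SAMPLE`.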
Are Author Media plugins like MyBookTable Vulnerable?
No. We are happy to say that Author Media plugins like MyBookTable and MySpeakingPage are not vulnerable to this attack. But that is not to say you should not update. We have added a lot of improvements and new features recently.
Does This Mean That WordPress is Not Secure?
No. Every computer system has vulnerabilities from time to time. The real question is “how does the community respond to attacks?”
In that regard, the WordPress community has reacted to this vulnerability with flying colors. The same day the vulnerability was announced, it was patched.
Johannes Schmitt from Scrutinizer CI responsibly reported the threat to Joost de Valk, the developer behind WordPress SEO by Yoast. Joost then contacted the WordPress developers and the folks at Sucuri. Then the other plugin developers were contacted, and they all released patches at the same time the vulnerability was announced to the public. This is about as good as it gets in terms of responding to new vulnerabilities. The quality of the WordPress community is one of its greatest strengths as a platform.
Another question is “how easy is it to respond to new threats?” With WordPress, all you have to do to protect your website is log in and click “update plugins.” WordPress itself adds new security fixes automatically.
My Site Is Hosted by Author Media. Do I Need to Do Anything?
No. If we host your site, plugin updates are one of the benefits we offer our clients. So one of our technicians will update your plugins soon if they have not done so already. If you are an Author Media client and have any questions or concerns, please contact support.