While there are many plugins available through WordPress that can improve your website, no plugin is a silver bullet. With ADA and other compliance requirements increasingly mandatory, it is very important to have a development team that understands the guidelines set out by WordPress and is capable of working within them. As new plugins make their way into the WordPress Plugins database, the company has begun to crack down on claims of guaranteed legal compliance with a new amendment to their plugin guidelines.
If your website still hasn’t migrated to HTTPS, visitors using the Chrome browser will soon begin seeing security warnings that label your page as “Not Secure”. This new feature, arriving in October of 2016 with Chrome Version 62, is triggered when the browser detects website components that could pose a security threat, including password fields, payment fields and other text fields the browser believes could be susceptible. The warning is shown even while in Incognito mode.
As free drag-and-drop websites become more popular, the inherent dangers associated with them become more apparent. It was recently discovered that the Wix platform, which boasts over 87 million users, was vulnerable to an XSS bug. Through this bug, administrator accounts became vulnerable, potentially giving attackers full control of the website.
WordPress recently encouraged webmasters to update their CMS packages to protect against newly discovered vulnerabilities. The company put out a security advisory with the latest version of the content management system, warning webmasters of the potential threat.
WordPress 4.6.1 contains an update to patch a cross-site scripting vulnerability and a path traversal security flaw, both grave security threats. An attacker can exploit these flaws to perform a wide variety of malicious actions. Potential problems include stealing session tokens and determining login credentials.
However, the most dangerous problem posed by these security threats is the ability of an attacker to remotely execute malicious code. This risk comes from a scripting vulnerability related to image filenames on a WordPress site, which attackers could take advantage of to run malicious JavaScript code.
This problem was discovered by SumOfPwn researcher Cengiz Han. The path traversal vulnerability, discovered by WordPress itself, was attributed to the upgrade package uploader. These problems are no longer an issue with WordPress version 4.6.1, but any versions that haven’t been updated are still vulnerable to this attack method. If you have not upgraded the content management system on your website, it is recommended that you do so immediately. The longer webmasters wait, the longer the website is at risk.
The newest version of WordPress also patched 15 different bugs that users were experiencing. These bugs included server setup problems for email, image thumbnail behaviors and infinite loop errors with plugin installations. For information on the specific bugs that were fixed, see the release notes and list of changes. If you are worried about the vulnerability of your website, please contact your webmaster. If the updates or the content management system are installed incorrectly, the site may become unusable! The webmaster should be able to identify the WordPress version currently being used and update it as necessary.