WordPress Security Updates
For those of you who watch the news on anything web-related or have web geeks (like myself) as friends, you’re probably aware that security is a big concern when it comes to your website, & a WordPress website is no exception. Since WordPress is open source, anyone can write code that can be used on a WordPress website, which is a two-way street – it means that it’s super easy to get a custom solution in place for anyone with a WordPress site, but it also means that there’s a high chance that some bit of code contains an exploitable flaw that wasn’t caught by the developer. If you are a developer or you know a developer, you can appreciate that we’re always swamped with work & can’t always test every bit of code that we write, let alone several bits of code put together that interact in mostly predictable ways … but every site is unique & it’s impossible to predict how every snippet of code will interact with every other snippet.
So, that brings us to the point of this post – this summer there was an event called The Summer of Pwnage that focused specifically on revealing & fixing WordPress security issues, and they found some doozies. For plugins such as WooCommerce, the most popular e-commerce platform going, the issues were rectified almost immediately, and that’s a good thing. Some plugins still have unresolved vulnerabilities, as you’ll see when you view the list. Someone may get put off WordPress by the number of vulnerabilities that this exercise turned up, but we’d like to point out that it was conducted with complete transparency and several of the exploits that were discovered have already been resolved.
At the end of the day, this exercise serves to highlight what we’ve always said when it comes to WordPress security for your site – it’s absolutely essential that you keep your version of WordPress and your plugins up to date. Remember, there’s a reason for those updates, and if your site is hit by a previously addressed vulnerability, there will sadly be no redress for the affected site owner after having been pwned. In addition to keeping your site software up to date, website owners should keep a backup of their site that is stored somewhere other than the web server that hosts it – as The Summer of Pwnage has shown, there are almost always vulnerabilities that haven’t been discovered yet. Don’t let a vulnerability discovered on your site serve as a harsh reminder that you should have backed your site up.