WordPress recently released a new update (4.4.2) which is primarily aimed at increasing security. It is recommended that anyone who has a WP website update to the latest version ASAP. Until now these security risks were not easily detected; now that they have been detected, reducing the chance of malicious attacks on your website and your visitors is as simple as updating your WordPress installation to 4.4.2. Read more about the WordPress update here.
There are two specific weaknesses that this update is designed to stop.
The first is a server-side request forgery (SSRF), in which a request appears to come from the server itself when it was actually triggered by an independent third party with no access to the server. Because the request looks as though the attacker already has access to the server, it can circumvent security measures to gain access to your information.
The second is an open-redirection attack.
This means that as a user comes to your site they can be redirected to another domain, where malware or ransomware is then placed on their computer.
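The two checks an application can apply against the weaknesses described above, shown as an added Python example that is not WordPress's own code and not part of the original post. The function names are hypothetical and the host names and addresses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from WordPress.
ALLOWED_REDIRECT_HOSTS = {"www.example.com", "shop.example.com"}


def safe_redirect_target(target, default="/"):
    """Open-redirect check: return target only if it stays on an allowed host."""
    # Browsers treat "\" like "/", so "/\evil.test" would leave the site.
    cleaned = target.strip().replace("\\", "/")
    # Control characters can hide a scheme or host from a naive check.
    if any(ord(ch) < 0x20 for ch in cleaned):
        return default
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only site-rooted paths such as "/account".
        return cleaned if cleaned.startswith("/") and cleaned[1:2] != "/" else default
    if parts.scheme not in ("http", "https", ""):
        return default
    # .hostname drops any "user@" part, so "www.example.com@evil.test" fails.
    return cleaned if parts.hostname in ALLOWED_REDIRECT_HOSTS else default


def is_public_destination(url):
    """SSRF check: refuse server-side fetches aimed at internal addresses."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        # Not a canonical IP literal. Reject numeric look-alikes such as
        # "2130706433" or "0x7f.0.0.1", which some resolvers read as 127.0.0.1.
        last = host.rsplit(".", 1)[-1]
        if last.isdigit() or last.startswith("0x"):
            return False
    # An ordinary hostname: the fetcher must still resolve it and apply the
    # same is_global test to every address it resolves to before connecting.
    return True
```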
Malware is any malicious software that is intended to damage or disable a computer. Some common examples of malware include worms, trojan horses, spyware, and viruses. Ransomware is a program that encrypts the files on a person's hard drive and only offers up the encryption key when a ransom is paid. To read more about ransomware, click here.
We recommend you sign up for NetClimber’s Pro-Active Maintenance, Monitoring & Response Package for WordPress clients. This is available at a special introductory price until May 31, 2016. Alternatively, we recommend that, at minimum, you address all updates where security is a concern, and we can provide this on an hourly basis. In this case, it would be your responsibility to contact NetClimber regarding updates. It’s important to know that allowing updates to get too many versions behind may cause a greater amount of work in the future due to security violations and/or functionality and layout issues. Please let us know if we can assist with either of these options.