WordPress 4.7.2 was released on January 26th and if you’re running your website with this popular CMS, we recommend that you check for updates ASAP.
To do this, login to your admin panel and select Updates
You will see the version of WordPress you are running and the option to update (if you haven’t already done so).
We also recommend enabling automatic updates on your website.
Earlier in January, our partner Sucuri reported a security issue to the WordPress team – a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.
They worked closely with the team at WordPress and version 4.7.2 and the updates includes protection against this threat.
If your version of WordPress is up to date, you are protected, however we recommend an extra layer of protection – we use it on all of our sites also.
For just $15 per month, your site will be protected from:
- Zero-Day Exploits
- Cross Site Scripting (XSS)
- Remote File Inclusion (RFI)
- Local File Inclusion (LFI)
- SQL Injection Attacks
- Cross Site Request Forgery (CSRF)
- Login Form Bypassing
- Out-Of-Date Software
- Insecure Plugins
- Vulnerable Themes
- Bad GET or POST Methods
- Insecure Direct Object Reference
- Bash Bug / Shellshock
- Malicious HTTP Requests
- Remote Code Execution
- Malformed Cookie Requests