Critical Zero-Day Vulnerability in WordPress Core Engine
December 31, 2016 1759
Unlike 3rd party vulnerable plugins, WordPress confirmed today that a critical vulnerability in its core content management engine exists. This core security vulnerability allow hackers to conduct a remote code execution on the Web server it is being hosted on in order to take full control of it.
How Does It Work
WordPress Versions Affected
The vulnerability affects the WordPress versions 3.9.3, 4.1.1, 4.1.2, and the latest WordPress version 4.2.
What To Do
At a minimum you or your webmaster need to update the WordPress core engine to the latest released version WordPress 4.2.1 that was released few hours ago. Next step should be disabling the comment system, only if it is not being used. Third, update all WordPress plugins to its latest versions.
Be Proactive: don't wait until you hear that a new vulnerability was discovered. Always update the WordPress core engine and plugins.
Backup: back to basics, always backup your WordPress site so it can restore your hacked WordPress installation.
Remove vs. Disable: remove unused plugins vs disabling it. The same applies to unused themes. If you don't use it, remove it.
An Ongoing Need to Stay Up-to-Date
Unfortunately and as usual, WordPress CMS used by millions is vulnerable again and site owners fail to understand the disadvantages of not being proactive with their maintenance and not utilizing a web maintenance service to constantly monitor and backup their WordPress sites. While you should focus on running your business, trying to be a passive webmaster is an open door invitation for hackers.
eLab Communications offer several maintenance and hosting packages specific to WordPress websites. Contact us today for a complimentary website health check and to discuss your available maintenance options. Fill out the form on the right or call us Toll Free 888.624.8321 - Local 831.375.7600