At the end of January 2017, Sucuri Web Application Firewall (WAF) identified a severe security breach in WordPress template versions 4.7.0 and 4.7.1. For more information, please refer to this link WordPress 4.7.0 – 4.7.1 Content Injection . This content injection vulnerability risk used a REST API to give access to unauthorized users. As such, these users can alter content on any page or post, creating severe security risks to WordPress websites.
Sucuri immediately warned the WordPress Security Team, and the team quickly worked with Sucuri and other security providers to patch the breach before it became public. The security patch was released in the new WordPress 4.7.2 version.
To protect against this breach, make sure that your WordPress template has been updated to version 4.7.2. Sometimes template updates can affect the appearance and / or functionality of your site, depending on what the security patch fixed. It may not look or operate as it once did. Having a child theme activated for your site can prevent or minimize these affect.
All websites should have a child theme to minimize damaging affects experienced from WordPress template and plugin updates. If assistance to add a child theme is necessary for your site, feel free to contact Neo Design Concepts at firstname.lastname@example.org and we can quickly incorporate it.
As 74% of WordPress websites were breached in just Q2 of 2016, it is highly recommended that WordPress websites have antivirus and firewall installed. Just as we have these security systems for our network, it is important to have it on websites as well. This will help to monitor, scan, notify, and remove malware daily to minimize the destructive effects of security breaches.
For information on how to secure your WordPress websites, call Neo Design Concepts at (949) 682-8518. Protect your websites from malicious attacks to make it safe for your clients’ and your business.