TIPS & NEWS

WordPress Content Injection Vulnerability

 WordPress 4.7.0 & 4.7.1 Versions Pose Severe Security Risks

At the end of January 2017, Sucuri Web Application Firewall (WAF) identified a severe security breach in WordPress template versions 4.7.0 and 4.7.1. For more information, please refer to this link WordPress 4.7.0 – 4.7.1 Content Injection . This content injection vulnerability risk used a REST API to give access to unauthorized users. As such, these users can alter content on any page or post, creating severe security risks to WordPress websites.

Sucuri immediately warned the WordPress Security Team, and the team quickly worked with Sucuri and other security providers to patch the breach before it became public. The security patch was released in the new WordPress 4.7.2 version.

 

How To Protect Against WordPress 4.7.0 – 4.7.1 Content Injection

To protect against this breach, make sure that your WordPress template has been updated to version 4.7.2. Sometimes template updates can affect the appearance and / or functionality of your site, depending on what the security patch fixed. It may not look or operate as it once did. Having a child theme activated for your site can prevent or minimize these affect.

All websites should have a child theme to minimize damaging affects experienced from WordPress template and plugin updates. If assistance to add a child theme is necessary for your site, feel free to contact Neo Design Concepts at info@neodesignconcepts.com and we can quickly incorporate it.

 

Why WordPress Website Antivirus & Firewall

As 74% of WordPress websites were breached in just Q2 of 2016, it is highly recommended that WordPress websites have antivirus and firewall installed. Just as we have these security systems for our network, it is important to have it on websites as well. This will help to monitor, scan, notify, and remove malware daily to minimize the destructive effects of security breaches.

For information on how to secure your WordPress websites, call Neo Design Concepts at (949) 682-8518. Protect your websites from malicious attacks to make it safe for your clients’ and your business.