Update Your WordPress Today! A Core Vulnerability Has Been Found

September 7, 2012 · 7 comments

by Lars

This morning I learned that a serious vulnerability has been found in WordPress core and that updating fast is critical! WordPress released a new version, 3.4.2, yesterday that, besides the essential security fixes, also has a few functional bug fixes. Failing to prioritize an upgrade like this may be an invitation for hackers, but make sure you follow the upgrade guideline and make a full backup before proceeding!

Typically, hackers seek to use WordPress websites as a platform to distribute malware and steal traffic, and the huge popularity of WordPress makes it an ideal target. Many blogs have a good deal of traffic, and once a vulnerability is known it is possible to write programs that systematically scan WordPress websites for the vulnerability.

Once a site has been affected, it is unfortunately quite difficult to identify the malware and find the many back doors hackers install to keep the site under their control. Therefore site owners are often not aware of the problem – at least not until the site is locked out by major browsers and search engines showing a warning and recommending users to stay away from the infected website. This is where you start to panic… I did the first time it happened to one of my sites. The good news is that once the site is cleaned it is possible to request the ban to be lifted, e.g. using Google Webmaster Tools.


I use WebsiteDefender to protect and scan all my sites daily, and I get warnings like the one below when plugins or core service need to be upgraded. This is useful as it makes the window of opportunity for hackers a lot smaller … if you react to the warnings.

[Image: WebsiteDefender warning for the WordPress core vulnerability]

I had one of my sites hacked some time ago and I was really under pressure. I did some research and found WebsiteDefender to be very useful (I started using the free service). After trying to get rid of a hacker infection for weeks, I found it to be very effective for identifying and cleaning the infected files spread all over my server – used by the hacker to gain access to the server (hidden back doors).

I also use Sucuri as I find their 1-click hardening effective. Further, it works a bit differently than WebsiteDefender (daily scanning – premium plan) and does proactive protection – among other things it blocks IPs that send “suspicious requests”, keeps a record of all transactions performed in the back-end, etc.

Author : Lars Vraa

Lars is passionate about web design, web development, SEO, social media and loves to look into new technologies, techniques, tools etc. and to write articles for tripwire magazine readers.

desain logo September 11, 2012 at 6:46 am

It’s in reality a great and useful piece of info. I am satisfied that you simply shared this helpful info with us. Please keep us up to date like this. Thank you for sharing.

kalamazoo mi website designers September 9, 2012 at 1:36 am

Thanks, I would not have noticed this important upgrade if it was not for tripwire.
Hugh

Lars September 9, 2012 at 8:44 am

Glad we could help!

Garry September 7, 2012 at 10:51 pm

WordPress is a good software package and I have upgraded to the new version. I keep all of the upgrades updated. Keep up the good work Tripwire.

Elisha September 7, 2012 at 6:10 pm

I was suggested this web site by my cousin. I am not sure whether this post is written by him as no one else knows such detail about my difficulty. You are amazing! Thanks!

Arslan September 7, 2012 at 10:33 am

I updated my WordPress just now, what will happen?
:(
