Serious Security Vulnerability – Update Now
Yesterday, WordPress released an important security update. A serious vulnerability was discovered in PHP’s XML processing that can result in denial of service attacks. This is a new vulnerability and can bring your website down in seconds. Fortunately, it was reported quietly to WordPress and Drupal, which both use this XML processing, and both have released fixes for the problem.
If your WordPress software was already up to version 3.9 and you left it in default mode, your WordPress software will update automatically (minor versions only). Given the seriousness of the security vulnerability (this is considered a biggie FYI), you should check whether you have the update.
Recommendation – make sure your WordPress website is updated immediately to version 3.9.2.
How to Check?
- Log in to your WordPress dashboard at http://www.yourdomain.com/wp-login.php (or /login or /admin)
- On the left under “Dashboard” click the “Updates” tab.
- In the lower right hand corner, bottom of the screen – it should display “Version 3.9.2.”
- Does it show 3.9.2? Pat yourself on the back and wow, it did it for you automatically – cool right?
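If you have file access to the server, or look after several sites, the same check can be scripted. This is an added example, not part of the original post: it assumes Python 3, reads the `$wp_version` line that WordPress keeps in `wp-includes/version.php`, and uses hypothetical helper names (`parse_version`, `check_site`) with constructed sample sites.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (3, 9, 2)  # the version this post recommends

# WordPress records its version in wp-includes/version.php as: $wp_version = '3.9.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return the version as a 3-tuple of ints, e.g. '3.9' -> (3, 9, 0)."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Drop any suffix such as '-beta1' and compare numbers, not strings.
    nums = re.findall(r"\d+", m.group(1).split("-")[0])[:3]
    if not nums:
        return None
    parts = [int(n) for n in nums]
    return tuple(parts + [0] * (3 - len(parts)))

def check_site(root):
    """Return (status, version) for the WordPress install under root."""
    vfile = Path(root) / "wp-includes" / "version.php"
    try:
        text = vfile.read_text(errors="replace")
    except OSError:
        return ("unreadable", None)  # not a WordPress root, or no permission
    version = parse_version(text)
    if version is None:
        return ("unknown", None)
    return ("ok" if version >= PATCHED else "needs-update", version)

def demo():
    """Build constructed sample installs in a temp directory and check each."""
    samples = {"site-a": "3.9.2", "site-b": "3.9", "site-c": "3.9.1", "site-d": "3.8.3"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples.items():
            inc = Path(tmp) / name / "wp-includes"
            inc.mkdir(parents=True)
            (inc / "version.php").write_text("<?php\n$wp_version = '%s';\n" % ver)
            results[name] = check_site(Path(tmp) / name)
        results["missing"] = check_site(Path(tmp) / "missing")
    return results

if __name__ == "__main__":
    for site, (status, version) in demo().items():
        print(site, status, version)
```

To use it on a real server, call `check_site()` with the directory that contains `wp-includes`.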
If your version of WordPress is out of date, you should have a yellow stripe across the top telling you an update is available. But wait, if you haven’t updated lately, first you need to BACK UP YOUR WEBSITE before you update.
Speaking of Backups…
Remember the saving your bacon comment above? Don’t rely on your web host for backups. Many don’t back up your website (or keep backups for only 24 hours), and you can lose it if something happens to your site. Even something totally unrelated to you – a shared web host server has 100s of fellow websites on the same server as yours, and one bad apple can infect the rest.
My advice – VaultPress is completely worth it for non-techs; it automatically and securely backs up your site in the cloud. Five bucks a month is cheap peace of mind and simply smart. FYI, it isn’t just for non-techs: some of the biggest sites on the web use VaultPress – they are rock solid. If you are techie and don’t mind the occasional hand holding, BackupBuddy is fine also.
Want more? Check out “Some Basic Security Plugins to Keep the Baddies at Bay.”