Here at SWCP, we love WordPress, the planet’s most popular and versatile open-source blogging and Content Management System. This very blog is a WordPress site, our Basic Web-Hosting package is tailored to support WordPress websites, and we even hold frequent WordPress meet-ups and working sessions at our Ideas & Coffee coworking suite next door.
So, when news recently came of a serious bug potentially affecting all out-of-date WordPress sites, we were deeply concerned. This latest security threat, a “critical unpatched 0-day vulnerability affecting WordPress’ comment mechanisms“, should not be ignored. It would allow an attacker to manipulate post comments to infect visitors with malware, spam, or even install backdoors on your site.
The first thing to do is to disable comments, check to make sure no bad actors have commented or become members and eliminate them. Then you should immediately backup and upgrade the WordPress platform to version 4.2.1, which is now patched. If you already updated to 4.2.1 a while ago, you may have to do so again.
For someone who is not technically-minded, or just wants a simple, safe platform on which to do their thing, this can be asking a lot.
Though the process of updating has become much easier over the years, many people still put off site updates as long as possible, unfortunately all-too-often not until the site breaks or is compromised. Site maintenance is nowhere near as fun as posting, after all, and to do it right, the site itself and its associated MySQL database should be backed-up. Then the WordPress site itself needs to be updated. And then there are usually a ton of widgets, plug-ins, and such that need to be updated and tested, too, to make sure they still work. So the process can be a bit of a distraction, and rather intimidating, too.
We sympathize. This situation inspired us to create a new, automatic update service for WordPress site owners. It works for all WordPress sites and themes. For a low monthly fee, those pesky update and security worries can be eliminated. SWCP will keep your site totally up-to-date and backed-up, so you can concentrate on creating strong, compelling content that will draw readers to your blog or site.
We’ve sent out emails to our customers who have sites that may be vulnerable. But even if you’ve got the latest patch installed, other bugs will come in time, and doubtless the platform will continue to evolve. So the need for quick, easy updates will continue for everyone, newbie and wizened pros alike. Our new service is the easiest way to deal with it all available.
Check out the details of our WordPress Monitoring and Update Service here.