WordPress Security Advisory

We are currently seeing a high number of WordPress installations being hacked due to out-of-date scripts, plugins, and themes. The folks at WordPress are very good about releasing fixes whenever they hear about a new exploit. Please take some time to check your installations and update everything listed in your WP admin panel under Updates, including installed themes and plugins that are not currently in use. Consider removing unused items for better security.

WordPress 3.3 was just released as well as updates for their 2 default themes.

Now is also a good time to harden the security of your blogs. There are lots of things you can do to protect your blogs from hacking. http://www.wpsecure.net/ has tips and info on recent exploits. See also http://codex.wordpress.org/Hardening_WordPress. Many more tips can be found by searching for “securing wordpress”. A little time spent on this now can prevent huge headaches and downtime in the future.

There are numerous security plugins you can install such as Login Lockdown, WP Security Scan, and Mute Screamer. I highly recommend them.

Before making any changes, be sure to make a full backup of your account in your control panel under Backups. WordPress users should also make routine database backups, either with a cron job or with a plugin named WordPress Database Backup. The database is the heart and soul of any blog. Scripts can easily be reinstalled, but lost data cannot be recovered without current backups.
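
The cron-job database backup recommended above, as an added example that is not part of the original advisory: it reads the database credentials from wp-config.php, passes them to mysqldump through an owner-only option file instead of the command line, and removes dumps older than 14 days. The paths, the `wpdb-` file naming and the retention period are assumptions.

```shell
#!/bin/sh
# Added example: WordPress database backup meant to be run from cron.
# Assumed (not from the advisory): all paths, the wpdb-* file naming, 14-day
# retention, and a DB_HOST that is a plain host name without :port or socket.
# Example crontab line, daily at 03:15 (hypothetical paths; keep the backup
# directory outside the web root):
#   15 3 * * * $HOME/bin/wp-db-backup.sh $HOME/public_html/wp-config.php $HOME/backups
umask 077   # dumps and the temporary credentials file are owner-only

# Print the value of a define('KEY', 'value'); line in wp-config.php ($1).
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*$/\1/p" "$1" | head -n 1
}

# Write a MySQL option file so the password never shows up in the process list.
# Assumes the password contains no double quote or backslash.
write_client_cnf() {   # $1 = wp-config.php, $2 = option file to create
    {
        printf '[client]\n'
        printf 'user="%s"\n' "$(wp_config_value "$1" DB_USER)"
        printf 'password="%s"\n' "$(wp_config_value "$1" DB_PASSWORD)"
        printf 'host="%s"\n' "$(wp_config_value "$1" DB_HOST)"
    } > "$2"
}

# Delete compressed dumps in directory $1 that are older than $2 days.
prune_old_dumps() {
    find "$1" -type f -name 'wpdb-*.sql.gz' -mtime +"$2" -exec rm -f {} +
}

backup_wordpress_db() {   # $1 = wp-config.php, $2 = backup directory
    cnf=$(mktemp) || return 1
    sql="$2/wpdb-$(date +%Y%m%d-%H%M%S).sql"
    write_client_cnf "$1" "$cnf"
    # --defaults-extra-file has to be the first option given to mysqldump.
    if mysqldump --defaults-extra-file="$cnf" \
            "$(wp_config_value "$1" DB_NAME)" > "$sql"; then
        gzip "$sql" && prune_old_dumps "$2" 14
        status=$?
    else
        rm -f "$sql"; status=1
    fi
    rm -f "$cnf"
    return "$status"
}

# Run the backup only when called with both arguments.
if [ "$#" -eq 2 ]; then backup_wordpress_db "$1" "$2"; fi
```

Restore a dump into a scratch database from time to time to confirm the backups are usable.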
