According to Sucuri, there’s an XSS vulnerability that affects a large number of WordPress plugins. Now, what does that mean for you and your site? Not a whole lot, really – but it DOES mean that your site might have a hole that could be exploited by ne’er do wells. Most likely, though – your site is fine. But, to be cautious and stay out in front of stuff, your site and your plugins needs to be updated.
Well, you can call us – we’d be happy to help out.
Or, you can take the DIY route and update your site and plugins yourself. It’s really very easy! Check out our video for super-easy instructions.
We also suggest using Sucuri’s security scanning plugin. Installing is easy – watch the video below.
Here’s a partial list of major plugins known to be affected by “The Hole.”
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
There are bound to be others – but the main takeaway here is this:
UPDATE YOUR SITE AND PLUGINS!
It’s a good idea to update things fairly often. WordPress developers and the community as a whole are a pretty proactive bunch, and you can bet your bottom dollar that plugin and theme developers are staying on top of this breach – and other breaches and snafus that nobody is really aware of. They stay on top of things – but to keep your site as safe as humanly possible, keep updated.
We try VERY hard to never touch core files or modify things to a point where you can’t update things. If we’ve developed your site, you should be able to update EVERYTHING at will without worrying about overwriting work we’ve done. Unless we’ve specifically let you know that you shouldn’t update something, get after the updates.
Keep it fresh, keep it updated, keep it clean!