WordPress vulnerability leads to compromised sites

WordPress recently confirmed a security flaw has existed in its WordPress blogging software since the end of 2016. The bug has affected tens of thousands of websites, specifically WordPress blogs and news of the vulnerability continues to spread via popular sites such as BBC News and many tech websites too. Not only does this mean WordPress sites can be compromised, but it also means the vulnerability can potentially be used as an entry point to take over the whole WordPress website. To date the most common type of compromise has been defacing the most recent blog post. What should you […]

Are your WordPress plugins and themes up to date?

Have you heard? There have been concerns over the security of some very popular and regularly used WordPress plugins and themes recently? Joost de Valk of Yoast.com – a programmer of plugins himself, has determined the misuse of the add_query_arg() and remove_query_arg() functions. To most people this probably doesn’t mean a great deal, but it is important to anyone running a WordPress website. The presence of such code in plugins and themes commonly used in WordPress means that a large number of websites, may be open to Cross-site scripting or XSS vulnerabilities. Cross-site scripting/XSS vulnerability does enable hackers or bots […]