Serious leak in WordPress plugins
WordPress is widely used, therefore it is also a sought-after target for malicious people.Most recently, security vulnerabilities were found in several well-known WordPress plug-ins.
These plug-ins have a combined total of more than 1.5 million installations. The vulnerabilities are found in Photo Gallery, Popup Builder and NextGEN, among others.The developers of the plug-ins have been further informed and they have released updates for this.
The piece of code to exploit this plug-in was in 8 out of 9 plug-ins investigated.According to a researcher from the company Forinet, many developers nowadays don't care much if this can be abused.
Since WordPress plug-ins have recently been increasingly misused, we decided to include some security tips in this blog post.
Install updates
Of course you want to make sure your hosting stays as secure as possible.Keeping it secure also involves updates, as many of these updates are security updates.
Fortunately, WordPress allows you to easily update these plug-ins in the admin environment.You only have to go to the plug-in page and press update, after this it will be updated.
However, it may take some time for this action to be fulfilled, you should not apply any other changes to your website until then.If you don't have time to make updates for this then Managed WordPress hosting is the perfect solution. Everything is updated automatically so you don't have to worry about updates anymore.
It is also advisable to immediately check your WordPress version, if this is an old version we recommend you to update as soon as possible.The version can be checked in the admin area, if you can update you will also get a notification about this.
Check the permissions
It could be that you have enabled write permissions on your website after the installation.If you have a website where you don't have to apply many changes then it is advisable to turn this off.
You can turn it off in your control panel, you do this by navigating to the file manager.Then click on your domain name and then you will see the wwwroot folder, click on the lock. Then you can turn off the write permissions.
If you have any further questions, you can always see if one of our chat operators is available.If no one is available you can always create a ticket to our helpdesk.