In late January, WordPress released a new version 4.7.2 as a security update for fixes to several moderate risk vulnerabilities. This is standard practice for the most widely used content management system for websites and blogs that rely heavily on third-party plugins and widgets.
Shortly after the release, the WordPress security team disclosed a much more serious vulnerability that was also patched in the version 4.7.2 released but wasn’t included in the release notes. According to an article in PC World, this vulnerability allows unauthenticated attackers to modify the content of any post or page within a WordPress site. While this vulnerability has been patched within the latest release, cyber criminals can take advantage of this vulnerability that is now known in the public domain for any unpatched sites.
With the amount of WordPress vulnerabilities inherent in the CMS and within third-party plugins, how can WordPress users stay ahead of the attacks. Here are a few simple steps to take:
- Use a trusted Hosting provider
- Remove or disable old and unnecessary plugin and extensions
- Enforce credential policies and restrict file access
- Install a web application security solution – like Trusted Knight’s Cloud-DMZ
With Cloud-DMZ, securing a WordPress website doesn’t have to be a full-time job.
While the WordPress interface is easy to maneuver, it’s also inherently insecure due to the open source nature of the platform. Even as recently discovered vulnerabilities have been patched, new ones are being discovered and exploited regularly.
What makes Cloud-DMZ a perfect solution for WordPress sites is that it defends against the full range of web attacks, regardless of the security of plugins and extensions. Cloud-DMZ provides enterprise-grade web application security and DDoS protection without additional maintenance from administrators and offers automated security policy updates so you don’t have to keep track of the latest WordPress updates and patches.
Learn more about WordPress vulnerabilities and how Cloud-DMZ can protect you here.