On 27th April, WordPress released a critical security update to fix a security flaw found in previous versions of the content management system (CMS). They are urging all website owners to install the update as soon as possible to eliminate any chance of a website attack.
The vulnerability was discovered by Jouko Pynnönen, and it affects millions of sites worldwide. It works when the attacker injects malicious JavaScript code greater than 64 KB into the comments section of the website. If the comment is then viewed by a logged-in administrator, the attacker could run code on the server, change the administrator password, add new administrators, deface the website, etc. Usually, WordPress won't publish a comment until a first post by a user has been approved. However, the attacker might be able to fool an administrator with a standard first comment, so that later malicious comments are approved automatically.
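As a defensive check for the two conditions described above, the following added example (not code from WordPress or from the original post) audits a list of comments for bodies larger than 64 KB and reports whether the author already had an approved comment, meaning the oversized one would have skipped moderation. The `Comment` record layout, the 64 * 1024 byte reading of "64kb", measuring size in UTF-8 bytes, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

# The page gives the trigger size as "greater than 64kb";
# 64 * 1024 UTF-8 bytes is assumed here.
SIZE_LIMIT = 64 * 1024


@dataclass
class Comment:
    # Hypothetical export record, not WordPress's own schema.
    comment_id: int
    author_email: str
    approved: bool
    content: str


def audit_comments(comments):
    """Return one finding per oversized comment, in submission order.

    Each finding records whether the author already had a normal-sized
    approved comment, i.e. whether this one would bypass moderation.
    """
    trusted_authors = set()
    findings = []
    for c in comments:
        author = c.author_email.lower()
        size = len(c.content.encode("utf-8"))
        if size > SIZE_LIMIT:
            findings.append({
                "comment_id": c.comment_id,
                "author_email": author,
                "size_bytes": size,
                "auto_approved": author in trusted_authors,
            })
        elif c.approved:
            # Only a normal-sized approved comment earns the author trust.
            trusted_authors.add(author)
    return findings


# Constructed sample data: harmless filler text only.
SAMPLE = [
    Comment(1, "reader@example.com", True, "Great post, thanks!"),
    Comment(2, "first@example.net", True, "Nice article."),
    Comment(3, "first@example.net", True, "x" * 70_000),
    Comment(4, "new@example.org", False, "y" * 66_000),
    Comment(5, "Reader@example.com", True, "é" * 40_000),  # 80,000 bytes
]

if __name__ == "__main__":
    for finding in audit_comments(SAMPLE):
        print(finding)
```

Findings with `auto_approved` set are the ones to review first, since those comments would have been displayed without an administrator approving them individually.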
How to install the update:
- Log in to your WordPress Dashboard (http://www.yourdomain.com/wp-admin/)
- Click Dashboard > Updates down the left-hand side
- Click the ‘Update Now’ button
You can find out more about the update by going to the Official WordPress Blog.
Remember, you can learn to build all kinds of websites in WordPress by purchasing our book WordPress in easy steps. Here are just some of the things you will learn from the book:
- How to set up WordPress via HostGator
- How to create pages and posts
- How to change the appearance of your website
- How to add content to your pages
- How to build an online store
- How to build an online forum
- How to add users
- Adding contact forms
- Website Translation
- SEO with Yoast
And much more!
Get your copy today from our online store or from Amazon UK or Amazon US