Do You Own a WordPress Website? Update to 4.7.3 Immediately to Avoid Security Threats

Expert reports tell us that over 37,000 websites get hacked every day. That’s a worryingly large amount. WordPress (WP), the most popular CMS in the world, is targeted very often by hackers thanks to its popularity. The WP developers have recently released three important security upgrades, out of which 4.7.3 is the last one. If you own a WP-based website, it’s paramount that you update as soon as possible.

What fixes does the newest upgrade include?

The 4.7.3 update fixes six significant security vulnerabilities- including three core vulnerabilities and three additional ones. Here is a breakdown of all of them:
Cross-site scripting: The cross-site scripting (XSS) vulnerabilities that were patched include injections through file metadata, through video URLs in embedded YouTube videos and taxonomy term names.

Additional vulnerabilities: The three fixes include preventing control characters from trick redirecting URL validation, preventing the unintentional deletion of files through plugins and conservation of server resources through CSRF (Cross-Site request forgery).

WordPress is presented in the form of binary code 3d illustration
WordPress website development

What common vulnerabilities exist in WP?
The patched vulnerabilities given above are, of course, nothing new. Like almost every other CMS, WordPress has a lot of weaknesses to exploit, and new ones keep getting introduced with every upgrade the developer release. Here are some known vulnerabilities in the platform:

Brute force cracking method: A common exploit method, brute-force cracking refers to trying out a combination of login names and passwords until the right one is found.That is done by software/bots, usually.

File inclusion workaround: Through remotely loading a file, a hacker attempts to get in your wp-config.php file.

SQL injections: SQL injection refers to the creation of a new admin account in your database (MySQL) to gain full control over your web presence.

Cross-site scripting (XSS): This is the most common vulnerability in WordPress – and the rest of the internet. Hackers attempt to get a visitor to load a web page with malicious javascript, which steals data from the browser.

Malware: Malware, viruses and ransomware have, unfortunately, become very common and cause billions of dollars in losses each year.

How do I prevent my website from getting hacked?

You should know that no site will ever be fully secure. The only way to keep your website from getting hacked is by staying one step ahead of hackers – which you can do by updating your pages often. If you think your site is at risk or needs a security checkup, you can get in touch with Openwave’s WordPress web security experts for help.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s