Expert reports tell us that over 37,000 websites get hacked every day. That’s a worryingly large number. WordPress (WP), the most popular CMS in the world, is targeted very often by hackers because of its popularity. The WP developers have recently released three important security upgrades, of which 4.7.3 is the latest. If you own a WP-based website, it’s paramount that you update as soon as possible.
What fixes does the newest upgrade include?
The 4.7.3 update fixes six significant security vulnerabilities, including three core vulnerabilities and three additional ones. Here is a breakdown of all of them:
Cross-site scripting: The cross-site scripting (XSS) vulnerabilities that were patched include injections through file metadata, through video URLs in embedded YouTube videos and through taxonomy term names.
Additional vulnerabilities: The three fixes include preventing control characters from tricking redirect URL validation, preventing the unintentional deletion of files through plugins and conserving server resources that cross-site request forgery (CSRF) could otherwise use up.
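To show why control characters matter for redirect validation, here is an added example (not WordPress's own code and not part of the original article), written in Python: a redirect check that refuses such characters before it looks at the target host. ALLOWED_HOSTS, FALLBACK and the function names are assumptions made for the example, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Assumed values for this example: hosts the site may redirect to, and a safe default.
ALLOWED_HOSTS = {"blog.example.com"}
FALLBACK = "/"


def has_unsafe_chars(location: str) -> bool:
    """True if the string holds a C0 control, space, DEL or a backslash.

    Browsers drop leading control characters and spaces, remove tabs and
    newlines, and read a backslash as a slash, so a server-side parser can
    see a different target than the one the browser navigates to.
    """
    return any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in location)


def safe_redirect(location: str, fallback: str = FALLBACK) -> str:
    """Return location if it is a local path or an allow-listed host, else fallback."""
    if not isinstance(location, str) or not location or has_unsafe_chars(location):
        return fallback
    try:
        parts = urlsplit(location)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return fallback
    if parts.scheme or parts.netloc or location.startswith("//"):
        # Absolute or protocol-relative: the host must be on the allow-list.
        if parts.scheme not in ("", "http", "https"):
            return fallback
        return location if parts.hostname in ALLOWED_HOSTS else fallback
    # Otherwise accept only an absolute path on this site.
    return location if location.startswith("/") else fallback


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate targets, then ones that must fall back.
    samples = [
        "/wp-admin/edit.php",
        "https://blog.example.com/a?b=1",
        "https://other.example.net/",
        "\x08//other.example.net/",
        "/\t/other.example.net/",
        "///other.example.net/",
    ]
    for s in samples:
        print(repr(s), "->", safe_redirect(s))
```

The check rejects the characters outright instead of stripping them, so the string that is validated is exactly the string that is sent in the Location header.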
What common vulnerabilities exist in WP?
The patched vulnerabilities given above are, of course, nothing new. Like almost every other CMS, WordPress has a lot of weaknesses to exploit, and new ones keep getting introduced with every upgrade the developers release. Here are some known vulnerabilities in the platform:
Brute force cracking method: A common exploit method, brute-force cracking refers to trying out combinations of login names and passwords until the right one is found. That is usually done by software or bots.
File inclusion workaround: By remotely loading a file, a hacker attempts to get into your wp-config.php file.
SQL injections: Through SQL injection, an attacker creates a new admin account in your database (MySQL) to gain full control over your web presence.
Malware: Malware, viruses and ransomware have, unfortunately, become very common and cause billions of dollars in losses each year.
How do I prevent my website from getting hacked?
You should know that no site will ever be fully secure. The only way to keep your website from getting hacked is by staying one step ahead of hackers – which you can do by updating your pages often. If you think your site is at risk or needs a security checkup, you can get in touch with Openwave’s WordPress web security experts for help.