
WordPress vulnerability leads to compromised sites


WordPress recently confirmed a security flaw has existed in its WordPress blogging software since the end of 2016.

The bug has affected tens of thousands of websites, specifically WordPress blogs, and news of the vulnerability continues to spread via popular sites such as BBC News and many tech websites.

Not only does this mean WordPress sites can be compromised, but it also means the vulnerability can potentially be used as an entry point to take over the whole WordPress website. To date, the most common type of compromise has been defacing the most recent blog post.

What should you do if you’re concerned about your own WordPress website?

WordPress has since patched the vulnerability; the fix was released on 26th January 2017. However, many site owners do not log in to their WordPress website frequently, so they usually become aware that their website has been compromised before they learn about the newest, preventative version of WordPress: version 4.7.2.

Am I affected by this if my WordPress blog is on wordpress.com?

No, you’re not. As WordPress provide and maintain the WordPress blogging platform and servers, they are responsible for securing the version of WordPress you use. You need only take action if you have your own hosting package and have installed WordPress on servers outside of wordpress.com.

How do I update WordPress on my website?

  • Log in to your WordPress dashboard. The login page can almost always be found at http://example.com/wp-admin, where example.com is replaced by your own website’s domain name. Once there, log in using your WordPress username and password.

WordPress Login Screen

  • Once logged in, the WordPress software displays a notification of any new versions of WordPress in the top left of the dashboard:

WordPress Update Notification in the dashboard

  • It’s always recommended that you back up your website files and download your WordPress database too. For advice on this, please contact our Support team by opening a support ticket; the instructions to do this can be found here – open a support enquiry.
  • Click the Please update now link and WordPress will begin installing the latest version of WordPress. Version 4.7.2 patches the vulnerability detailed in this article.
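
For site owners who rarely log in to the dashboard, the version can also be checked from the hosting account's shell. The script below is an added example, not part of the original article: it reads `$wp_version` from `wp-includes/version.php` (where WordPress records its version) and reports whether the install is older than 4.7.2. The function names and the sample installs it builds are constructed for this example, and the check compares version numbers only.

```sh
#!/bin/sh
# Added example (not from the article): flag WordPress installs older than 4.7.2.
PATCHED_VERSION="4.7.2"   # the patched release named in the article

# Print the numeric version set in <wp_root>/wp-includes/version.php, if any.
wp_installed_version() {
    sed -n 's/^[[:space:]]*[$]wp_version[[:space:]]*=[^0-9]*\([0-9][0-9.]*\).*/\1/p' \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 when dotted version $1 is strictly lower than $2; missing parts count as 0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print a status line. Returns 0 = patched or newer, 1 = older, 2 = version not found.
wp_check() {
    v=$(wp_installed_version "$1")
    if [ -z "$v" ]; then echo "$1: no WordPress version found"; return 2; fi
    if version_lt "$v" "$PATCHED_VERSION"; then
        echo "$1: WordPress $v is older than $PATCHED_VERSION, update it"; return 1
    fi
    echo "$1: WordPress $v is at or above $PATCHED_VERSION"
}

# Build a constructed sample install (only the one file this check reads).
make_sample() {
    mkdir -p "$1/wp-includes" &&
    printf "<?php\n\$wp_version = '%s';\n" "$2" > "$1/wp-includes/version.php"
}

if [ "$#" -gt 0 ]; then
    for root in "$@"; do wp_check "$root" || true; done   # real document roots
else
    tmp=$(mktemp -d)                                       # constructed demo data
    make_sample "$tmp/old-site" 4.7.1; make_sample "$tmp/new-site" 4.7.2
    wp_check "$tmp/old-site" || true
    wp_check "$tmp/new-site" || true
    rm -rf "$tmp"
fi
```

Run it with one or more WordPress document roots as arguments to check real installs; with no arguments it checks the two constructed samples.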