Hey, it’s me! The Digital Ink BlogBot.
The Jasons finally decided to give me some new batteries so I could provide you weekly, relevant links for your #WeekendReading.
Sometimes I’ve got a lot of inspiring posts to share; sometimes they’re not as much fun. This week, it’s a bit of the latter.
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to the severity of the issue. The vulnerability allowed an attacker to inject anything they wanted on the site, which could be used for malware injections, defacement, spam and many more nefarious acts.
This is not something we’re excited to report, but we were right.
A few days ago we started to see a massive number of WordPress sites compromised with malware. The malware code had some bugs: it was breaking many websites, overwriting good files and appending various statements in loops at the end of files.
Quick Take: Unfortunately, when you run popular software, you're always going to be a target. (This is why, for years, Windows seemed to be the sole target of malware and viruses: the more people who use the software, the more damage a single bug can cause.) WordPress now powers more than 20% of the web, so when a popular third-party plugin has a vulnerability, it can cause a lot of trouble across a lot of sites at once. If you use the MailPoet plugin, update it now. If you want to make sure you're always updated, hire us to manage your website.
The vulnerability was publicly reported on June 24 by security researcher Pichaya Morimoto, who posted an advisory on the full-disclosure security mailing list. The Timthumb vulnerability could potentially enable an attacker to gain access to the underlying server and be able to modify any file the attacker wants. That’s a nontrivial risk.
Making this issue perhaps even more troublesome is the simple fact that many Timthumb users likely don’t even know they are using the technology, as it is often embedded as part of WordPress themes that self-hosted WordPress users can deploy.
Quick Take: I hate Timthumb. It's a script that has constantly been a pain to use when there are plenty of alternatives for re-sizing images. (TimThumb technically does more than re-sizing; it crops and zooms as well, but that's not important right now.) Over the years, tons of themes have shipped outdated copies of Timthumb inside their own script folders, and if those bundled copies aren't updated, they're an easy target. If you're using a theme that includes it, you need to immediately install the Timthumb Vulnerability Scanner and run it.
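Because themes bundle TimThumb under their own paths (and sometimes under a different filename), the first job is simply finding every copy on the server and reading the version each one declares. The script below is an added example written for this post; it is not the Timthumb Vulnerability Scanner plugin and not TimThumb's own code. It matches files on content (the "TimThumb" header comment plus TimThumb's `define ('VERSION', '...')` line) rather than on filename, flags any copy older than a minimum version you pass in, and runs against a constructed sample tree; the sample theme layout and the minimum version used in the demo are assumptions, not facts about any real theme.

```shell
#!/bin/sh
# Added example: locate TimThumb copies buried in a wp-content tree and flag
# those whose declared VERSION is below a minimum you choose.
# Not the scanner plugin and not TimThumb itself; the sample tree is constructed.

# version_lt A B -> exit status 0 when dotted version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# timthumb_version FILE -> prints the value from TimThumb's
# define ('VERSION', '...') line; prints nothing / fails if FILE is not TimThumb.
timthumb_version() {
    grep -qi 'timthumb' "$1" || return 1
    sed -n "s/.*define *( *'VERSION' *, *'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# scan_timthumb ROOT MIN_VERSION -> one line per TimThumb copy found under ROOT:
#   <path> <version> OUTDATED|ok
scan_timthumb() {
    root="$1"; min="$2"
    find "$root" -type f -name '*.php' | sort | while IFS= read -r f; do
        ver=$(timthumb_version "$f") || continue
        [ -n "$ver" ] || continue            # mentions TimThumb but is not the script
        if version_lt "$ver" "$min"; then status=OUTDATED; else status=ok; fi
        printf '%s %s %s\n' "$f" "$ver" "$status"
    done
}

# count_outdated ROOT MIN_VERSION -> number of copies flagged OUTDATED.
count_outdated() {
    scan_timthumb "$1" "$2" | grep -c ' OUTDATED$' || true
}

# make_sample_tree -> prints the path of a temporary wp-content-like tree holding
# constructed stand-ins for TimThumb (only the header comment and VERSION line).
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/themes/old-theme/scripts" "$dir/themes/renamed-theme/inc" "$dir/themes/clean-theme"
    cat > "$dir/themes/old-theme/scripts/timthumb.php" <<'EOF'
<?php
/* TimThumb script created by Tim McDaniels and Darren Hoyt (constructed stub) */
define ('VERSION', '2.8.10');
EOF
    # Themes sometimes rename the script, so detection must not rely on the filename.
    cat > "$dir/themes/renamed-theme/inc/thumb.php" <<'EOF'
<?php
/* TimThumb by Ben Gillbanks and Mark Maunder (constructed stub) */
define('VERSION', '2.8.14');
EOF
    # Mentions timthumb only in a comment and has no VERSION define: must be ignored.
    cat > "$dir/themes/clean-theme/functions.php" <<'EOF'
<?php
// replaced timthumb with add_image_size()
add_image_size('thumb', 300, 200, true);
EOF
    printf '%s\n' "$dir"
}

# Stand-alone demo: build the sample tree, scan it, clean up.
demo() {
    tree=$(make_sample_tree)
    scan_timthumb "$tree" 2.8.14
    rm -rf "$tree"
}
demo
```

On a real server you would point it at the live tree, e.g. `scan_timthumb /var/www/html/wp-content 2.8.14`, with the minimum set to whatever the current fixed TimThumb release is at the time you run it. Anything reported as OUTDATED is a copy the theme vendor shipped and that a normal WordPress core update will not touch; matching on content rather than filename is what catches the renamed copies that make users unaware they are running TimThumb at all.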
Spring Clean Your Blog: WordPress Tips to Keep It Clean – WP Security Lock
Between all the plugins, passwords, domains, drafts and more, there is a lot going on under the hood of your blog. WordPress tips like the ones I'll share today will help protect you from those malicious peeps out there trying to hack their way into YOUR blog. Of course nothing is ever guaranteed, but the more you stay on top of things, the better results you'll have.
Quick Take: It's well past springtime, but these tips from WordPress security expert Regina Smola and her team are solid advice for tidying up and securing your site, something that needs to be done on a regular basis, not once a year.