WordPress is a fantastic platform, used by hundreds of website designers, developers and writers across the globe. Many of us will be lucky enough never to encounter a problem, but as with anything connected to the internet and computing in general, it can occasionally come under attack. A couple of weeks ago WordPress admitted to a critical security flaw: a cross-site scripting vulnerability that allows hackers and cyber criminals to take control of websites running older versions of WordPress.
Unearthed by Jouko Pynnonen of Finnish software company Klikki Oy, this flaw is a thread that if pulled could unravel potentially millions of websites, putting control of your blog, its content and assets in the hands of anonymous users. According to stats from WordPress, a staggering 86% of WordPress users were still operating a vulnerable version of the platform at the time the bug was revealed. Targeted sites can then be taken hostage and used to attack other members and, even more worryingly, commandeered for use in a botnet should your operating system be completely compromised.
WordPress developers report that the vulnerability is already out there in the wild and being exploited. Rather worryingly, detailed information on how to use and modify the exploit is circulating on a growing number of websites.
Luckily, checking whether you’re vulnerable to the bug is simple. All you have to do is log into your WordPress account and check which version your site is running. Depending on the version, the version number should be clearly displayed in the header or footer of your administrative panel/section. If you still can’t find it, head over to the “At a glance” panel nestled within your dashboard. If neither of those works, crack open your readme.html file, which also contains version information.
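The same version check can be scripted against a local copy of your site's files. This is an added example, not code from the original article or from WordPress. It assumes the version is recorded in `wp-includes/version.php` as a `$wp_version` assignment, with the "Version X.Y" heading in readme.html as a fallback. The version numbers and the `first_fixed` threshold are constructed placeholders, to be replaced with the fixed release named in the WordPress advisory.

```python
import re
import tempfile
from pathlib import Path

# wp-includes/version.php holds the authoritative value: $wp_version = 'X.Y.Z';
VERSION_PHP_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
# readme.html in older releases shows "Version X.Y" in its heading.
README_RE = re.compile(r"Version\s+(\d+(?:\.\d+)*)")

def parse_version(text):
    """Turn '1.2' or '1.3-beta2' into a comparable tuple; any suffix is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(n) for n in m.group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))  # pad so 1.2 == 1.2.0

def installed_version(wp_root):
    """Read the version string from a local WordPress tree, or None if not found."""
    root = Path(wp_root)
    for rel, pattern in (("wp-includes/version.php", VERSION_PHP_RE),
                         ("readme.html", README_RE)):
        path = root / rel
        if path.is_file():
            m = pattern.search(path.read_text(errors="replace"))
            if m:
                return m.group(1)
    return None

def needs_update(wp_root, first_fixed):
    """True if the install is older than first_fixed, or its version is unknown."""
    found = installed_version(wp_root)
    if found is None:
        return True  # fail closed: cannot show that the install is patched
    return parse_version(found) < parse_version(first_fixed)

def make_sample_tree(version, with_version_php=True):
    """Build a constructed WordPress-like directory tree for the demo."""
    root = Path(tempfile.mkdtemp())
    (root / "readme.html").write_text(f'<h1 id="logo"><br /> Version {version}</h1>')
    if with_version_php:
        (root / "wp-includes").mkdir()
        (root / "wp-includes" / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
    return root

if __name__ == "__main__":
    FIRST_FIXED = "1.2.1"  # constructed placeholder, not a real release number
    for v in ("1.2", "1.2.1", "1.10"):
        print(v, "needs update:", needs_update(make_sample_tree(v), FIRST_FIXED))
```

Comparing versions as integer tuples rather than strings matters here: a plain string comparison would rank "1.10" below "1.2.1" and wrongly report a newer install as outdated.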
If you find you’re still using an older version of WordPress, updating should be your first priority. Follow this up with a thorough virus check to see whether your system has been cracked open. If so, implement any fixes your internet security provider recommends and, if necessary, beef up your protection.