Keeping your WordPress Blogs Speedy & Secure
WordPress 4.7.3 is now available. This is a security release for all previous versions and we at BlogSec strongly encourage you to update your sites immediately.
Security issues fixed:
In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.
Please contact BlogSec if you’d like assistance in keeping your sites secure!
I gave a presentation last night on the PCI DSS credit card security standards and how they apply to WordPress eCommerce users.
The slides can be downloaded here.
Please contact us if you need help securing your eCom sites.
General PCI DSS information & resources:
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
https://www.pcisecuritystandards.org/security_standards/
https://www.pcisecuritystandards.org/security_standards/documents.php (SAQs are here)
Checkmarx reports they have analyzed the 50 most popular WordPress plugins and found:
One might guess that less popular plugins are often worse, on average.
Recommendations:
Ars Technica reports that a botnet with 90,000 IP addresses is trying to brute-force WordPress installs via password guessing.
BlogSec.net recommends performing the following steps immediately to protect your sites from getting hacked:
Vulnerabilities have been found in 2 caching plugins: W3 Total Cache and WP Super Cache. Be sure you update your plugins!