Small business WordPress users need to update software now
A critical level vulnerability was identified by a security expert, causing WordPress to issue a new release for its software. All small businesses that use WordPress software should update to release 4.8.3 as soon as possible. An update (4.8.2) was released in September 2017, but it did not fully address the vulnerability.
Businesses that use WordPress.com (as the host for their website) do not need to worry about this vulnerability since the hosted version implements all updates as soon as they are released. Businesses that use an installed version from WordPress.org are at risk.
According to security experts, the vulnerability potentially allows cybercriminals to hijack websites running WordPress software and inject malicious code. In turn, the hacker can steal data from the site, corrupt the content, or possibly access the system network.
SiteLock, a security company, reported that in Q2 2017 their sample of 6 million websites experienced over 63 attempted attacks a day. Most attacks were by bot access attacks. The odds are high that every website is under attack every day.
What You Should Do
If you host your own website or use a developer hosting service, check with your IT specialist and ensure they update your site soon. You can learn more about this software release at WordPress.org.
If you use a hosting provider such as Go Daddy or HostGator, you need to find out how they handle security updates. Many host providers offer information online, such as here for Go Daddy and here for HostGator. Just because you subscribe to security services with a hosting provider does not mean they handle release updates for your site.
If you run plug-ins on your website, check the plugin provider to see if they have updates. If they do not, have your IT specialist monitor the providers to find out when they will have updates available.
Another security measure is to install a web application firewall. Consider discussing this measure with your IT specialist if you don’t already have one in place.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.