Archive

WordPress Version 4.4.1

WordPress version 4.4.1 has been released onto WP Dashboards and automatic updates. As this update is a security and maintenance release it is essential that all WordPress users upgrade their sites from previous versions.

All ERS Web Solutions customers will have their sites updated and checked.

You can find more about this WordPress update at https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/

WordPress 4.2.3 released

WordPress 4.2.3 is out and ready for updating in dashboards now. It’s a critical update as it contains security fixes. You should always keep your WordPress installation, themes and plugins updated.

ERS Web Solutions customers using WordPress will have their sites updated as soon as possible.

WordPress Cross Site Scripting Exploit

Researchers from Finnish company Klikki Oy have released a video and proof of concept code for an exploit, which allows a hacker to store malicious JavaScript code on WordPress site comments. This affects all WordPress versions including the latest version 4.2. This is a zero day exploit that could be used by hackers at any time.

If a hacker posts a comment which is greater than 64K (65,535 characters) which gets approved, for example by having a previous comment approved and the page is visited by someone with admin rights then malicious code could be run including setting up a new admin account for the hackers to use.

CloudFlare, a content delivery network that caters for around 5% of internet traffic said it had seen malicious emails sent out by hackers trying to point people to a compromised WordPress site hosted by Bluehost. It appeared they had been taking advantage one of the flaws in older versions of WordPress.

ERS Web Solutions has checked, verified and secured all the websites that it is responsible for. All databases have also been individually checked by a human to ensure that no malicious code or user logins had been generated by hackers.

A statement has been released by the WordPress development team The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly. It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don’t use Akismet.

Ways to keep Safe

As WordPress is used to run around 22% of all websites on the internet, and around 60% of websites where the Content Management System[?] (Source: w3Techs web technology surveys). It will always be a target for hackers.

Use Akismet which checks comments and puts them in the spam comments section.
Use a reliable host, we recommend Names.co.uk.
Restrict comments to a few hundred characters for example using Greg’s Comment Length Limiter
Don’t user an obvious user name such as admin.
Most Important Of All Keep WordPress and Plugins Updated

Reference: https://wordpress.org/news/2015/04/wordpress-4-2-1/

http://wptavern.com/wordpress-4-2-1-released-to-patch-comment-exploit-vulnerability

WordPress 4.2 Update

WordPress 4.2 update is now out on dashboards etc this update is named “Powell” in honour of jazz pianist Bud Powell. All ERSWS customers using WordPress will have their sites updated and checked in the next 24 hours.

WordPress 4.2 brings new features and improvements including:

Press This improvements. Found on the Tools menu, you drag Press This to your browser bookmark bar or mobile device home screen. Once set up it means you can share videos, images, and content really quickly and easily.

Embeds improvements and covers more sites now. Embeds is a fantastic feature of WordPress if you regularly share things like YouTube or Vimeo videos. You can now pastelinks from Tumblr and Kickstarter and WordPress does all the hard work for you.

Plugin Updates imporvements. Plugin updates is now streamlined and a smoother process.

You can find out more about WordPress updates and new releases at WordPress.org

WP Color Spy Update

The WordPress plugin WP Color Spy by Elliott Rodgers has had a minor update so that it is case insenstive when reading hex colours. It was treating a hex colour code #FFFFFF and #ffffff as being different colours.

If you have already bought a copy fill out the request a download link, it will download the new version. Delete the old plugin and install the new plugin through the usual methods.

10 More Reasons We Love WordPress

Back in November 2013 we blogged 10 Reasons We Love WordPress

Here’s another 10 reasons we love WordPress.
Read more of 10 More Reasons We Love WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *