Busy Time For WordPress Community
April 28, 2015
The last few days has been an extremely busy time for the WordPress Community! And if you were NOT aware of the situation… NOW is the time to take action 🙂
It seems there has been a big “hole” in the code for quite some time which allows for all sorts of nasty stuff attacking your server. Many, many plugins were identified as having this vulnerability, and a lot of these were upgrade in the last few days. WordPress also responded, and have now released version 4.2.1 which also addresses this issue.
It is critical if you run a WordPress site to update your software right now!
I’ve just spend the last few hours doing this on all the sites we (and our clients) use WordPress on!
I’ve also added a couple of extra “security” type plugins as well following some issues with hacking into client sites… These include:
- Login Lockdown – a plugin which limits the login attempts and locks repeated failures out, and
- Disable XMLRPC – a plugin which disables a feature of WordPress which is often the target for people who want to bring your server down with a denial of service attack – i.e. MANY repeated hits on the same link within a very short space of time.
With these measures in place now, I am receiving a lot less notifications about people overloading my servers 🙂 (and I am sure my hosting support desk is happier too).
Sidebar: I have also been having some issues with DDOS attacks from some idjits with a couple of clients… so there are a few IP addresses being added to the firewall black list. I will never understand why people will do these things…
Anyways… these changes/updates are needed NOW if you use WordPress! So go get them done 🙂