More than 1.5 million WordPress sites have been affected by a vulnerability in 4.7 and 4.7.1 and WordPress has urged users to update as soon as possible to avoid falling victim.
The vulnerability in the 4.7 and 4.7.1 versions of WordPress allows hackers to get into the administrative area of your website to make changes that could potentially damage your site.
Sucuri is reporting an increase in website vandalism, but says this will slow as hacker groups figure out how to make money from being able to get into your site by installing malware, ad injections or affiliate links. “We are starting to see them being attempted on a few sites, and that will likely be the direction this vulnerability will be misused in the coming days, weeks and possibly months.”
This vulnerability has been fixed in the 4.7.2 update, so if you are running WordPress, and you are on version 4.7 or 4.7.1 we highly encourage you to go and update WordPress as soon as possible.
Not sure what version of WordPress you’re running?
Still not sure?
Contact us and we’ll help you.
Exploring each and every update, what it includes, and if it is necessary, is a time consuming task. In our last blog post, we explored some best practices around planning and scheduling updates to WordPress, Themes and Plugins. If the update doesn’t address a security issue, then it’s usually ok to wait until your scheduled maintenance to change anything. We stand by this approach and if you are currently on a Maje Media maintenance plan, there is nothing to worry about. None of the sites we manage were affected by the 4.7 or 4.7.1 updates.
Not on a maintenance plan?
Give us a call, our plans are affordable. We’ll manage your website’s security, updates, and maintenance so you don’t have to!