I created an infographic for a recent presentation on WordPress security. I hope you find it useful and interesting! If you have questions about anything covered in the graphic, add a comment. What else are you doing to secure your site?
In light of the security problems found (and fixed) last month in a couple of popular plugins, I thought this was a timely topic.
Two very popular plugins that my clients use, and that I use myself, are WordPress SEO by Yoast and Google Analytics by Yoast, both, as it turns out, from Yoast. These are great plugins; I recommend them if you’re not using them already.
Last week a security vulnerability was found in WordPress SEO – not an actual problem, but a potential issue that could have become a target of hackers (in this case, a hacker could have targeted a logged-in user on a website and made changes to the database). Yoast was quick to fix the issue and put out an update, which was pushed to WP Minder client sites right away.
Then a few days later, another issue was found in Google Analytics by Yoast – again, not a problem yet, but a way that hackers could change the list of Google Analytics profiles being tracked. Again, the plugin was fixed and an update was released by Yoast (and pushed to all our WP Minder client sites).
So, how safe is WordPress?
Is this worrisome? Not particularly. While it’s true there have been a few major security issues with WordPress plugins in the past (timthumb is probably the best example), it happens very rarely. And it’s worth mentioning that there have been no major security issues with WordPress core files since June 2010 – every security problem that has arisen has been because of plugins and themes, or because site owners have let simple security measures like updates and backups lapse.
One of the reasons that WordPress is so safe is the big community of developers and users that support it. This translates to the majority of potential problems being caught early, and the ability to update plugins with a single click makes it far easier to get the corrected software in place on a website quickly than the complicated update processes used by other content management systems.
WP Minder works to lessen the risks by keeping your files, themes and plugins up to date, maintaining fresh backups, and helping you manage access to your sites. By closing loopholes quickly, we’re making it much more difficult for hackers to access your website.
A security problem was found on March 18th in the popular plugin Google Analytics by Yoast. This plugin has been downloaded nearly 7 million times according to statistics at the Yoast website.
There were no reports of hacks using the security loophole, and Yoast responded quickly and got a fixed update ready for release on March 19th.
More information on the security issue from a few sources:
- ZDNet – Security flaw in WordPress plugin Google Analytics by Yoast exposed
- Threatpost – Yoast Google Analytics Plugin Patches XSS Vulnerability
If you’re a WP Minder client and use this plugin, don’t worry – you’ve already been updated.
The very popular WordPress SEO by Yoast – which I really like and use on almost all my client sites, and my own – was found to have a security vulnerability today that makes it more open to hackers.
This plugin is used by over 14 million WordPress sites, so this is a big deal. The plugin has already been updated to fix the security hole, so please update it on your site(s) now.
WP Minder client sites have already been updated, so you are taken care of.
For information on the problem and how it was found, read more here.
Shared hosting is very popular, primarily for two reasons:
- It’s relatively easy to set up an account at many big-box hosts;
- It’s generally very, very cheap.
But like many things, you get what you pay for. Shared hosting is inexpensive because so many accounts are packed tight on each server – many users, many opportunities for problems that may affect your site even if you’re playing by the rules.