If your WordPress website uses the popular UpdraftPlus backup plugin, you’ll want to read this…
UpdraftPlus is installed on over 3 million WordPress websites and is relied upon for securely backing up WordPress site files and databases, which contain sensitive user data.
UpdraftPlus was found by a security researcher at WordPress parent company Automattic to have a ‘severe vulnerability’ that allowed hackers to download usernames and passwords.
Here is the announcement from UpdraftPlus from Feb. 17. They were on top of things, working to release the fixed version about a day after the problem was found and being transparent about reporting it.
WordPress took the unusual step of forcing auto-updates on installations that were still using the older versions of this plugin, but you do need to check your site anyway to make sure. Upgrade immediately if you find one of the older versions.
If you’re still using the following you’ll need to upgrade right away: