Big Bytes

Securing WordPress & Magneto Websites

We’re always looking out for ways to better your web experiences with us on the service and security front. We’d like to draw your attention to new security vulnerabilities identified in two popular scripts – WordPress & Magneto. Please note that these issues are script-based and are not specific to SolutionPoint platform in any way. Read on to know more about these vulnerabilities, assess whether you could be impacted and take preventive action.

WordPress Vulnerability

This is a new, serious vulnerability, announced recently which has the potential to cause some damage and disruption. Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.

Impact: If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

Steps you need to take:

Magento Vulnerability: This is a vulnerability that has been recently reported too. The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server.

Impact: The attacker can bypass all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system. This attack is not limited to any particular plugin or theme. All the vulnerabilities are present in the Magento core, and affects any default installation of both Community and Enterprise

Steps you need to take: If you are using the mentioned vulnerable versions of Magento, we would request you to patch it using the updates.

You can test whether your Magento website is vulnerability or not, using various tool.

We strongly recommend you access all your packages and patch them immediately to avoid any issues. In case you require any information regarding this email, please feel free to get in touch with us.

Use a Security Plugin

There are additional ways to harden your WordPress website to help keep it secure, such as changing database names and taking advantage of HTTP security headers. All of these require, for the most part, a reasonably high level of technical know-how and time.

Some of the top WordPress security plugins offer a significant range of features including blacklist monitoring, file scanning, brute force protection, firewalls, and more. They can offer easy ways to tighten up your website security quickly and with limited technical experience.

Take a Backup

Backups can be a woefully neglected element of WordPress maintenance. They do, however, play an important role in website security. Having a high-quality backup gives you the ultimate peace of mind that if the worst were to happen and your site was hacked and badly damaged, then you can recover quickly by restoring a previous backup. You can then apply any additional levels of security needed to avoid a hack being repeated.

WordPress powers more than 35% of all websites in the world. Yet, even with a dedicated security team and a vibrant and engaged worldwide community, websites that run on this leading content management system often are a target for security breaches.

The truth is, however, WordPress is secure: only 14% of WordPress security vulnerabilities come from core WordPress, and the WordPress organization follows rigorous processes for patching these issues. So, how do WordPress websites get exposed to hackers? More often than not, security vulnerabilities occur from insufficient maintenance.

Leave a Reply

You may also like:

Corruption Economy Investment Law / Legal

Proudly wearing a certified CIBIL credit score tattoo, issued by Mafia Capitalism?

The entire apparatus of government, police, judiciary and prisons providing enforcement and surveillance. Instead of taxing the rich to generate money to build and maintain things like schools and roads, our government actually borrows money from the banks and the public pays the interest on these loans

Read More
Education Law / Legal Lifestyle Linux People Software Technology World

How to stay safe from Email Server Compromises & Data Scams?

Avoid using tools like mobile apps or fancy desktop apps for email send / receive and other critical transactions.

Read More
Media / PR Technology

Web and mobile services for print, online media, news agencies

While creating a dynamic web portal, mobile or desktop applications for broadcast, print and online media, editorial systems, adverts management, page planning, circulation, mobile, social media sync etc you hire an agency that fully understand the technologies and even have its own media channels. We offer custom services based on open source, there are no […]

Read More