Big Bytes

Securing WordPress & Magneto Websites

We’re always looking out for ways to better your web experiences with us on the service and security front. We’d like to draw your attention to new security vulnerabilities identified in two popular scripts – WordPress & Magneto. Please note that these issues are script-based and are not specific to SolutionPoint platform in any way. Read on to know more about these vulnerabilities, assess whether you could be impacted and take preventive action.

WordPress Vulnerability

This is a new, serious vulnerability, announced recently which has the potential to cause some damage and disruption. Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.

Impact: If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

Steps you need to take:

Magento Vulnerability: This is a vulnerability that has been recently reported too. The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server.

Impact: The attacker can bypass all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system. This attack is not limited to any particular plugin or theme. All the vulnerabilities are present in the Magento core, and affects any default installation of both Community and Enterprise

Steps you need to take: If you are using the mentioned vulnerable versions of Magento, we would request you to patch it using the updates.

You can test whether your Magento website is vulnerability or not, using various tool.

We strongly recommend you access all your packages and patch them immediately to avoid any issues. In case you require any information regarding this email, please feel free to get in touch with us.

Use a Security Plugin

There are additional ways to harden your WordPress website to help keep it secure, such as changing database names and taking advantage of HTTP security headers. All of these require, for the most part, a reasonably high level of technical know-how and time.

Some of the top WordPress security plugins offer a significant range of features including blacklist monitoring, file scanning, brute force protection, firewalls, and more. They can offer easy ways to tighten up your website security quickly and with limited technical experience.

Take a Backup

Backups can be a woefully neglected element of WordPress maintenance. They do, however, play an important role in website security. Having a high-quality backup gives you the ultimate peace of mind that if the worst were to happen and your site was hacked and badly damaged, then you can recover quickly by restoring a previous backup. You can then apply any additional levels of security needed to avoid a hack being repeated.

WordPress powers more than 35% of all websites in the world. Yet, even with a dedicated security team and a vibrant and engaged worldwide community, websites that run on this leading content management system often are a target for security breaches.

The truth is, however, WordPress is secure: only 14% of WordPress security vulnerabilities come from core WordPress, and the WordPress organization follows rigorous processes for patching these issues. So, how do WordPress websites get exposed to hackers? More often than not, security vulnerabilities occur from insufficient maintenance.

Leave a Reply

You may also like:

Corruption Entertainment Law / Legal Lifestyle People Software Technology Telecom

Beware of Mobile Malware / Spyware behind those fancy apps / gadgets!

Corporate governments, security experts and officials remain in support of mass, warrant-less surveillance. But civil libertarians, humane technology companies and others oppose it, noting obvious lack of transparency and espionage to save crooks / cronies. As a cheap smartphone user, you don’t have to worry for Malware / Spyware / Virus, just buy antidotes. You […]

Read More
Corruption Law / Legal Lifestyle Software Startup Technology Telecom

FAANG & Co force-feeding ads & sermons based on big data theft via mobile apps

Chanakya’s political parties were abusing social media marketing for bumper votes and sponsored branding, now the same so-called tech innovation balloons are haunting and fighting back for long-term continuity and its ROI capitalism. Ironic all-round abuse of 99% social slaves

Read More
Health Lifestyle Media / PR People Technology

Coronavirus threat – safety first!

We believe this is a moment to use all of our creative people power to fight for a just, people-centered transition away from the systems behind these crises we face. This is not the moment to protest in the streets, nor the time to gather in-person in large groups for actions and mobilizations.

Read More