We’re always looking out for ways to better your web experiences with us on the service and security front. We’d like to draw your attention to new security vulnerabilities identified in two popular scripts – WordPress & Magneto. Please note that these issues are script-based and are not specific to SolutionPoint platform in any way. Read on to know more about these vulnerabilities, assess whether you could be impacted and take preventive action.
Impact: If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.
Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.
Steps you need to take:
Magento Vulnerability: This is a vulnerability that has been recently reported too. The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server.
Impact: The attacker can bypass all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system. This attack is not limited to any particular plugin or theme. All the vulnerabilities are present in the Magento core, and affects any default installation of both Community and Enterprise
Steps you need to take: If you are using the mentioned vulnerable versions of Magento, we would request you to patch it using the updates.
You can test whether your Magento website is vulnerability or not, using various tool.
We strongly recommend you access all your packages and patch them immediately to avoid any issues. In case you require any information regarding this email, please feel free to get in touch with us.
Use a Security Plugin
There are additional ways to harden your WordPress website to help keep it secure, such as changing database names and taking advantage of HTTP security headers. All of these require, for the most part, a reasonably high level of technical know-how and time.
Some of the top WordPress security plugins offer a significant range of features including blacklist monitoring, file scanning, brute force protection, firewalls, and more. They can offer easy ways to tighten up your website security quickly and with limited technical experience.
Take a Backup
Backups can be a woefully neglected element of WordPress maintenance. They do, however, play an important role in website security. Having a high-quality backup gives you the ultimate peace of mind that if the worst were to happen and your site was hacked and badly damaged, then you can recover quickly by restoring a previous backup. You can then apply any additional levels of security needed to avoid a hack being repeated.
WordPress powers more than 35% of all websites in the world. Yet, even with a dedicated security team and a vibrant and engaged worldwide community, websites that run on this leading content management system often are a target for security breaches.
The truth is, however, WordPress is secure: only 14% of WordPress security vulnerabilities come from core WordPress, and the WordPress organization follows rigorous processes for patching these issues. So, how do WordPress websites get exposed to hackers? More often than not, security vulnerabilities occur from insufficient maintenance.