WordPress Security Flaw Under Active Attack. ETC Enhanced/Fully Managed Hosting Sites Unaffected


WordPress 4.7 was recently released and they added a new API to make it easier for third parties to integrate with WordPress.  Unfortunately, this new feature was not fully evaluated for its security implications before launching.  This new system went too far in allowing remote access to the point of giving a list of all the users of the site and in some cases allowed the compromise of the site.  It allows attackers to modify the content of any post or page, and it can also be exploited for arbitrary code execution if another type of plugin was installed as well.  ETC customers who were using the Enhanced WordPress Hosting were unaffected by this api flaw.  Fully Managed Hosting customers were also not vulnerable to the secondary security vulnerability caused by PHP injection plugins.  This flaw has been patched and all site owners running WordPress are encouraged to use the built in updater to update your WordPress installations.  All Fully Managed Hosting customers have already been updated against this vulnerability.

If you want to make sure your WordPress site is watched for either basic or advanced security problems contact us about your web hosting needs.  My rates are competitive with the bigger companies.  You can find my rates here.  Feel free to contact me for any questions you may have about ETC Maryland’s web hosting services.