Are you maintaining your WordPress website yourself? Do you know what version of WordPress your site is running? Did you “forget” to update WordPress to the latest version? If you answered “yes” to those questions, then this news is for you.
Our friends at WordFence told us about a bug in WordPress version 3.7.2 and earlier, as well as WordPress versions 3.8 and 3.8.1, that makes it easier for remote attackers to obtain access via a forged cookie. This makes it possible for an attacker to post to your site. I won’t bore you with the details, but you can read about it on the National Cyber Awareness System.
Upgrade to Latest Version of WordPress
What should you do to secure your WordPress site? Make sure you are running version 3.8.2 of WordPress or better. The latest version of WordPress (at the time this post was written) is version 3.8.3, released on Monday, April 14, 2014. If you have an older version, you should update it immediately. As always, be sure to make a backup prior to updating WordPress or any WordPress plugins.
If you already have WordPress version 3.8.x or installed, then your site should have already been updated automatically, and an email should have been sent to your administrative account notifying you of the update. Likewise, if you have a maintenance contract with Whispering Woods, then your site has already been updated, and you have nothing to worry about.
Please give us a call at 434-882-7638 if you have any concerns or questions about the security of your websit