The search engine optimization, the well-known SEO, enables Google to show our webpage before than other hundreds of millions of sites. That’s the reason why editors of corporate and personal blogs worry so much about visibility.
If you use WordPress, you will probably have installed “WordPress SEO by Yoast”, the most famous plugin that handles this task and has over 14 million downloads. An essential tool for any blogger, it helps displaying the post’s keywords, a headline and intro making it easier for the search engine and the robot that index the sites to read.
If you have it too, you should know that it has recently been discovered some vulnerabilities, which could be exploited by any attacker to get into your blog. If you are thinking right now about uninstalling or changing the passwords, because you can’t figure anything else to do, don’t worry: they have already solved the problem. Now, of course you will have to download an update soon!
Security expert Ryan Dewhurst warned about the issue a few days ago. He works for WPScan, an open source security tool that allows security professionals and web administrators evaluate the vulnerabilities of WordPress.
Dewhurst found that a cyber-attacker could break the database’ security and obtain confidential information through a SQL injection attack in version 1.7.4. (version 1.5.3. for those who paid the premium subscription). In addition, all the previous versions were also vulnerable.
The security gap, in the simplest terms, would allow querying the blog’s database, which would compromise the stored information (authors and subscribers usernames and passwords, for example). Even, the vulnerability could be used to infect the site’s visitors through some malware.
This plugin’ security experts resolved the issue within 90 minutes after realizing it. They patched the vulnerability and offer an update, version 1.7.4. which comes without this damn security gap and you can download it manually from their website.
The people in charge of “WordPress SEO by Yoast” thanked Dewhurst for publishing his findings and asked users to download this update as soon as possible in order to keep themselves safe.
In addition, there is a much more comfortable way for updating all the versions without having to be on the look. If you have already installed WordPress version 3.7., or higher, you can order your plugins to automatically install updates so you don’t have to worry about them. You can do it by using the “Advanced Automatic Updates” option.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
5 comments
WordPress makes it so easy for non-technical clients/customers to install plugins but when things go wrong it becomes a big problem. The SEO by Yoast plugin is indeed very popular one, so glad they were able to patch the tool before things got out of hand. It’s always important to ensure your running the latest version of any plugin to make sure there’s no vulnerability in the code.
Howdy, i read your blog from time tto tike and i own a similar one and i was
just wondering if you gget a lot of spam comments? If so how do you
stop it, any plugin or anything you can recommend?
I get so much lately it’s driving me insane soo
any help is very much appreciated.
Howdy, i read your blog from time tto tike and i own a similar one and i was
just wondering if you gget a lot of spam comments? If so how do you
stop it, any plugin or anything you can recommend?
I get so much lately it’s driving me insane soo
any help is very much appreciated.
thanks for this informative post