WordPress Issues Emergency Patch
The widely used CMS system WordPress discovered a vulnerability in their version 4.8.2, released in September 2017, which left web pages built using the CMS vulnerable to SQL injection attacks, potentially allowing an attacker to access content that was believed to be secure.
WordPress quickly issued an emergency fix, patch 4.8.3, and is ‘strongly encouraging’ site managers to update the software as soon as possible.
Issues like this, even when patched promptly as WordPress did, raise some real questions: is the software trustworthy and, more generally, how can you keep your business website safe from attack?
What Does This Mean for WordPress’s Security?
Fundamentally, this vulnerability, and others like it, should not be taken to mean that a piece of software is inherently ‘unsafe’. The fact of the matter is that software is constantly changing, and these changes sometimes have unexpected outcomes.
Even if your site is developed by a specialist in WordPress web design in London like https://happy2host.com/, it will never be 100% secure. Developers and security experts should be looking for vulnerabilities regularly and fixing them as soon as possible – as WordPress did in this case.
The fact that the vulnerability was discovered, fixed promptly and admitted publicly should increase faith in WordPress’s security rather than decrease it. Breaches and vulnerabilities happen, and how a company handles them says more about them than the fact that the breach occurred.
Protecting Your Business Online
You cannot always rely on outside actors, such as the developers of a piece of software you use, to announce the fact that a problem has been found, especially since many vulnerabilities are caused by interactions between systems rather than a fault in a single system.
You should be taking active steps to protect your site and your business. At a basic level, this can mean hiding administrative access pages and having a robust password and access policy, both to reduce the chance of a breach occurring and to minimise damage if one does occur.
As with all other systems, websites used a number of pieces of software, and these should be regularly updated – out-of-date software often contains vulnerabilities that have since been fixed.
As breaches do occur, you should also take steps to minimise damage. This means keeping current backups and encrypting sensitive data.