This past year WordPress released a new version as a security update for fixes to several moderate-risk vulnerabilities. This is standard practice for the most widely used content management system for websites and blogs that rely heavily on third-party plugins and widgets.
Shortly after the release, the WordPress security team disclosed a much more serious vulnerability that was also patched in the release but wasn't included in the release notes. According to an article in PC World, this vulnerability allows unauthenticated attackers to modify the content of any post or page within a WordPress site. While this vulnerability has been patched within the latest release, cybercriminals can take advantage of this vulnerability that is now known in the public domain for any unpatched sites.
With the amount of WordPress vulnerabilities inherent in the CMS and within third-party plugins, how can WordPress users stay ahead of the attacks? Here are a few simple steps to take:
- Use a trusted hosting provider
- Remove or disable the old and unnecessary plugins and extensions
- Enforce credential policies and restrict file access
- Install a web application security solution – like Trusted Knight's Protector Air
With Protector-Air, securing a WordPress website doesn't have to be a full-time job.
While the WordPress interface is easy to maneuver, it's also inherently insecure due to the open-source nature of the platform. Even as recently discovered vulnerabilities have been patched, new ones are being discovered and exploited regularly.
What makes Protector-Air a perfect solution for WordPress sites is that it defends against the full range of web attacks, regardless of the security of plugins and extensions. Protector-Air provides enterprise-grade web application security and DDoS protection without additional maintenance from administrators and offers automated security policy updates so you don't have to keep track of the latest WordPress updates and patches.