WordPress Security

Understanding Your WordPress Risk from the PHP Mailer Vulnerability

By | News, WordPress Guides, WordPress Security | No Comments

So nearly 3 weeks ago, we started hearing about the vulnerability within the PHP Mailer library that’s also used within the WordPress Core.

And everyone ran for the hills with their hair on fire (again).

Was this a critical security vulnerability? Yes.
Was WordPress susceptible? Actually, no.
So was it necessary to lose the plot and wet ourselves? No.

Anybody that pays attention to WordPress core security releases will know that when there’s a serious security vulnerability in the core, it gets patched pretty damn quick. There’s no messing around.

But isn’t it odd that WordPress didn’t get patched immediately following the announcement of this PHP Mailer vulnerability? Why hasn’t the Core team released a security patch already?!

When something in life is weird, it’s probably not weird – you likely just don’t know all pertinent information, yet.

So it’s not odd. Why? Because, from WordPress themselves:

The Security Team has spent some time analysing this vulnerability, and how it applies to WordPress. This vulnerability does not appear to be directly exploitable in WordPress Core, or any major plugins in the plugin directory. The wp_mail() function, which WordPress Core and most plugins use for sending email, blocks this vulnerability from being exploited.

Unfortunately, when a “security” expert posts on Facebook, or anywhere for that matter, it doesn’t mean it’s worth getting upset about. Now they may say “we’re not trying to alarm you” and other nice stuff, but unless there is a reason that goes beyond “making you aware”, it’s probably not going to help you at all.

Better Automatic WordPress Updates

By | iControlWP: Manage WordPress Better, News, WordPress Security | 3 Comments

Automatic updates have been available to us in WordPress since version 3.7.

They serve us well and ensure that WordPress sites don’t get left behind on security patches.

At the time, we saw the huge benefit in this. So we gave our clients the option to tune automatic updates from within iControlWP. Yet another first for multiple WordPress management 😉

But over time we’ve seen that there are “issues” with the automatic updates system. We’ll cover some of these here and outline what we’re doing about it.

Get Your Head Straight With WordPress HTTP Security Headers

By | News, WordPress Guides, WordPress Plugins, WordPress Security | 10 Comments

HTTP Security Headers are perhaps the most overlooked way to protect visitors on your WordPress websites. But they’re one of the most powerful.

HTTP Headers tell web browsers what they can and cannot do with your website.

This is important, as it can protect your visitors from malicious content loaded from 3rd parties, as well as from hijacking (aka clickjacking) of your website.

We’ll outline what HTTP Headers are, and what we’re doing to help lock down your site. All the while never making things complicated for you or your visitors.

Sound too good to be true? Don’t worry, our clients are already used to this. 😉