Security issues with WordPress sites

WordPress is an open-source tool used for blog constructing and content management. It is based on MySQL and PHP and provides template system to help those that are not familiar with web programming.

Those who run a WordPress site must be very careful as a security issue was discovered recently that might cost them the control of their site. This security issue affects the TwentyFifteen and the Jetpack plugins that where found to be installed for more than a million sites which are now obviously the sites in danger.

Using a malicious link, a hacker can get full authorised control of the site and use it as the admin. The solution that Engadget suggested, is to remove the example.html file from the genericons of the WordPress instalment.

The security issue was found by Sucuri, a company that offer security services to websites. Sucuri spotted the problem at the XSS Theme, and thus named the issue “Document Object Model Based XSS”. That contains all the necessary information according to which is determined how the titles, the headings, and other elements of the WordPress site’s page will appear.

So far we’ve given you the less bad news. The worse news is that the bug we have mentioned above will affect all WordPress site owners and not only those who use the TwentyFifteen theme. This will happen because that theme is embodied to the data base of WordPress.

Now to upside of all that, some well known hosting services – such as GoDaddy and ClickHost – have already started putting serious efforts to solve this issue.

If you are a WordPress owner don’t get crazy and upset. This bug might now even affect you with a little bit of luck. Just make sure you keep an eye on your site and stay more alerted just in case something goes wrong. However if you still feel unsafe, you can always delete the example.html file and see if that works for you. In either case we hope you stay safe and that bug gets fixed quickly!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.