Most of our small- and medium-size business clients rely on the excellent content management system WordPress for their websites. One of the many perks of WordPress is the frequent availability of security updates and improvements to ensure your site stays safe even when the landscape on the web gets dangerous. Recently, certain WordPress core and plugin vulnerabilities were uncovered, so prompt updates to get the latest security improvements will be required to keep your site secure from spam, hacking and malware.
About the Vulnerabilities
The majority of WordPress developers make extensive use of plugins to complete a variety of tasks - everything from providing a visitor count on the site, to easy code insertion, to creating a user-friendly calendar. However, vulnerabilities are occasionally found in these plugins, and they must be addressed to keep your site secure.
A large number of commonly used plugins are vulnerable to cross-site scripting (XSS). The cause is the incorrect use of add_query_arg() and remove_query_arg(), two popular functions used by WordPress experts to enhance code and create unique solutions for their clients. These two functions add, modify or remove query string parameters in URLs. When they are called without an explicit URL, they build on the current request URL, which the visitor controls. If that input is not properly handled before the result is printed into a page, the URL created can include malicious characters that the browser treats as script, which can be destructive to your site.
Fortunately, there's an easy fix for developers: Escape Everything! Adding just a few characters to a line of code solves the problem: echo esc_url( add_query_arg( $key, $value ) ); You can use either of two functions: esc_url() when the URL is printed into a page, or esc_url_raw() when it is used in a redirect or saved to the database. It's a small price to pay for security.
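For developers who want to audit their own plugin or theme code, here is an added example (not from the original article or from WordPress itself): a heuristic Python check that flags add_query_arg() and remove_query_arg() calls printed without esc_url() or esc_url_raw(). The names audit and open_calls and the sample PHP are constructed for illustration.

```python
import re

# The two functions named in the article; the URL they return may carry
# attacker-supplied characters taken from the current request.
QUERY_ARG_CALL = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
ESCAPERS = {"esc_url", "esc_url_raw"}  # the fixes named in the article
OUTPUT = re.compile(r"\b(?:echo|print|printf)\b|<\?=")
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*\(|\)")

def open_calls(prefix):
    """Names of the calls whose '(' is still open at the end of prefix."""
    stack = []
    for m in TOKEN.finditer(prefix):
        if m.group(0) != ")":
            stack.append(m.group(1) or "")
        elif stack:
            stack.pop()
    return stack

def audit(php_source):
    """Return (line, verdict) per call. Heuristic: ignores PHP strings/comments."""
    findings = []
    for m in QUERY_ARG_CALL.finditer(php_source):
        pos = m.start()
        # Statement start = character after the previous ';', '{' or '}'.
        start = max(php_source.rfind(c, 0, pos) for c in ";{}") + 1
        prefix = php_source[start:pos]
        line = php_source.count("\n", 0, pos) + 1
        if ESCAPERS & set(open_calls(prefix)):
            verdict = "escaped"
        elif OUTPUT.search(prefix):
            verdict = "UNESCAPED OUTPUT"
        else:
            verdict = "review"  # kept in a variable; check where it is printed
        findings.append((line, verdict))
    return findings

# Constructed sample plugin code (not taken from a real plugin).
SAMPLE = """<?php
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
$back = remove_query_arg( 'page' );
wp_redirect( esc_url_raw( add_query_arg( array( 'done' => 1 ),
    $back ) ) );
"""

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"line {line}: {verdict}")
```

A "review" verdict means the URL is assigned rather than printed in that statement, so the place where the variable is later output still has to be checked by hand.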
By now, the problem has largely been solved. Developers who do not update their plugins automatically can do so manually because many of the fixes have been completed. While not every plugin has been corrected, most of the popular plugins have been taken care of by a community of developers who have rallied to update the code.
Be Proactive - Protect Your Site
Website downtime can cause serious problems for your business. In addition to lost revenue and other costs, customer dissatisfaction is a serious potential issue. If managing the technical aspects of your website is not your area of expertise, don’t worry, you’re not alone. You have someone in your corner. If your website uses WordPress, don't wait to contact Tentacle Inbound to safely update your WordPress core and plugins. (Not sure if this applies to you? Go ahead and contact us and we'd be happy to take a peek - better safe than sorry!)
The best way to read about these issues is after the fact because nothing went wrong. Call Tentacle Inbound today to get started. You won't have to be concerned about making the updates, and can rest assured that your website is in great hands. Our team of WordPress experts will take excellent care of you and do what is necessary to keep your website safe.
Get peace of mind by having a team of WordPress experts and enthusiasts dedicated to your site's security, regularly monitoring for these kinds of threats and proactively preventing problems on your site. We free you up to do what you do best – take care of business.