Jun 24, 2016
As per builtwith.com, 12,608,292 live websites run on WordPress. With such a huge population there comes a lot of responsibility to shoulder and this is why the team of WordPress work day in and day out to render a robust platform to the developers as well as users who count on the technology.
WordPress 4.5.3, which is kind of the security update that was released recently. The update is released to make sure that the development offers all the security issues even from the previous versions. Therefore, it is advised to update your systems immediately.
What WordPress 4.5.3 has to offer?
Though WordPress 4.5 offers numerous features, but there were some loop holes in the system that needs to be corrected. This update also includes redirect bypass in customizer, problems in XSS, using stolen cookie for changing the password, and several other things. Apart from these security fixes, this update deals with other 17 bugs from older versions 4.5.2 and 4.5.1.
Their vulnerabilities were discovered by several members of the community. The main reason is the constant vigilance of the member of the community that strives hard to make the WordPress platform quite stable for the community members.
How to update?
To update you need to go down to updates on the Dashboard of WordPress website and then click on “Update Now.”
However, those who might have enabled the automatic updates settings, will be already working on their automatically updated website.
There were some security issues that were lingering in WordPress versions 4.5.2 and its previous versions:
– redirect bypass in the customizer
– two different XSS problems via attachment names
– revision history information disclosure
– oEmbed denial of service
– password change via stolen cookie
– and security issues with sanitize_file_name edge
Other security checks
Use Secure Hosting
We know that WordPress is a free platform, however, when it comes to hosting make sure that you count on a reliable and secure platform to host your website.
Screen Before Installing Plugins
Plugins are certainly a boon for WordPress users, but you need to make sure to install plugins developed by reliable developers or plugins those have a good user rating. Primarily because plugins are a direct gateway to your website and any vulnerability in your plugins will be proved to directly affect your website’s security.
Keep Software Updated
One of the most vulnerable thing in WordPress is the non-updated version. Make sure that you fully update all your WordPress website to the new version.
Separate Your Username from the Site’s URL
Keeping your username in the author archive URL allows you to have an easier time to access your page.
Therefore you need to hide the username in your database.
Make use of Captchas
There is no doubt that you Captchas are quite annoying, but when it comes to their usage, they certainly are great to protect your WP page from robots.
Conduct Security Audits
To find out the vulnerabilities of your WordPress website make sure to go for security audit and then you can easily rectify them. This will help you to figure out all the loopholes in the security of your software and hardware holes that hamper the content management system itself.