We provide our clients with managed WordPress hosting for their website. WordPress is the software running the website itself and requires updates, just like computer software, or the apps on a smartphone etc. Our philosophy is “if it aint broke, don’t fix it…” As such, we monitor for performance and security critical updates to WordPress core, themes, and plugins.
We don’t often update the software otherwise as it can cause unwanted issues to arise, such as broken themes or functionality. It makes more sense to only apply the really important updates when they come along, saving our clients money from expensive maintenance if and when an update breaks things.
WordPress < 5.8 Security Critical Update
Here are some things you should know:
- A lot of websites are running WordPress, pre version 5.8
- A vulnerability was discovered a few days ago in pre version 5.8
- The vulnerability allows hackers to hack these websites
- We believe this vulnerability should be patched immediately
Learn more about the technical bits here (why we’ve decided this is an update we feel is necessary): https://wpscan.com/vulnerability/95e01006-84e4-4e95-b5d7-68ea7b5aa1a8 and https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/
*This vulnerability applies to websites with both custom developed and commercially available plugins that were never included in the WordPress Plugin Repository. We highly recommend all websites running WordPress pre version 5.8 with custom or commercial plugins not available on the repo update immediately.
How does this impact your business?
We hope that there is zero impact on your business, but I have to advise that this software update may cause your theme or website functionality to break. You should conduct an audit of your website after the update is applied and hopefully catch any issues.
Shane and I discuss implications…
Website Security Critical Update – December 2, 2021 – Watch Video
If you have questions or comments, please contact us below.