With WordPress being the most popular CRM style website platform, used by 26% of all websites, a security problem with a popular SEO plug-in within WordPress has been a serious issue. WordPress, however, have now fixed the flaw, and you can update your website with the new version from this Friday.
What Was The Problem?
The WordPress system allows website owners to quickly and easily update and add to their website by adding all manner of code and functionality in the form of pre-written ‘plug-ins’ that can be searched for, downloaded and installed automatically.
The security issue related to a flaw in the code for one of the very popular and widely installed plug-ins, called “The All in One SEO Pack”, downloaded by 30 million users and estimated to be in use now on a million websites.
A ‘Bot Blocker’ component was used in the plug-in to detect and block spam bots based on their user agent and referrer header values, and it was in this element that the vulnerability was discovered.
The seriousness of flaws in some aspects of WordPress has been highlighted several times in recent years, such as when 26,000 WordPress websites with the Pingback function enabled were used as part of a botnet to launch DDoS attacks on other websites back in February this year.
What Does This Mean For Your Business?
The discovery of this latest flaw means that if your business website is a WordPress website that has the All in One SEO Pack installed, you will need to make sure that you upgrade it to the latest version, 2.3.7, as soon as possible (after Friday), or you can make sure that you don’t have the Track Blocked Bots setting enabled in the website.