Thanks to HostPapa’s server health monitoring and automatic vulnerability patching, almost 200,000 WordPress installations on HostPapa servers were quickly and automatically protected against a severe content injection vulnerability earlier this week, ensuring that not one single HostPapa customer fell victim to intrusions.
Background:
As part of a vulnerability research project, the good folks over at Sucuri have been auditing multiple open source projects looking for various security issues. While combing through WordPress, one of the largest open source content management systems on the market, they discovered a severe content injection (privilege escalation) vulnerability affecting the REST API in the latest release 4.7.0. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site. Not good!
After disclosing their findings to the WordPress Security Team, Sucuri worked closely with them to coordinate the disclosure timeline and get as many hosts and security providers aware and patched before this became public. A fix for this was included on version 4.7.2 which was released earlier this week and can be downloaded here.
How HostPapa’s Server Health Team Protected Customers:
The security and safety of our customers and their data is important to everyone here at HostPapa, which is why we have put measures in place that can protect them in critical situations such as this one. Our Server Health reports indicate that over 186,000 of our customers’ WordPress installations were automatically patched and protected from any content injections related to the vulnerability that Sucuri detected.
HostPapa’ s automatic vulnerability patching system detects any files on our servers that may have vulnerabilities within them and automatically replaces them with updated files where the vulnerability has been fixed. This means that any intruders or hackers who begin trying to take advantage of a recent security weakness such as this content injection vulnerability can not access the WordPress installations of HostPapa customers.
While our patching system ensured that our customers’ WordPress installations were protected from this specific vulnerability, it’s advised that all users of WordPress, not just HostPapa customers, remember to keep their WordPress install, and all plugins and themes, up to date to the latest released version.
For further reading on WordPress security and optimization check out the following articles:
6 WordPress Security Plugins You Can Actually Trust
How to Update WordPress Safely on a Shared Hosting Plan
WordPress Tutorial: Master Your Website’s CMS
And if you want the added protection of a Website Application Firewall, products such as SiteLock exist to not only provide you with that added layer of protection but also offer remediation services in the event that there is a security breach. HostPapa customers can also enlist Sucuri for added security and protection by contacting our customer care team through your HostPapa Dashboard.
For detailed information about this WordPress vulnerability, read this article.
