Lightning Base

Get Started Now

  • Home
  • Tour
  • Pricing
  • Contact
  • About

Jetpack Vulnerability and Automatic Update

Sunday, April 13th, 2014 / Posted In :Security /  By :Chris Piepho / Comments Off on Jetpack Vulnerability and Automatic Update

Jetpack, one of the more popular WordPress plugins, announced a critical security update  a few days ago. This flaw could allow an malicious user to create arbitrary posts on a site, and combined with other bugs may allow an attacker to take complete control of the site.

Although the Jetpack team did not report seeing any exploits of this flaw in the wild, now that it has been announced it is only a matter of time before attempts against it begin.

Lightning Base Auto-Updates

In general, we attempt to let users manage their sites as they wish – you can control whether to receive automatic updates or to run updates at your convenience. But there are some security issues that are both serious and widespread enough that we decide to push updates to all sites proactively regardless of the website settings (a prior flaw involving caching plugins is one example).

What You’ll See

Any WP installations that have been created by or imported into our management system had their Jetpack plugin automatically updated. You might receive one of three emails:

– A notice that your site upgrade failed because the install could not be located. If you manually deleted or moved an installation, it is possible that our management tool still believes it exists even though it does not. This will generate a failure notice. It can be ignored, or you can delete the installations using the site’s icon in your cPanel. Please respond to the email notice if you need any help doing this.

– A notice that your site upgrade failed for another reason. For instance, if your account is out of space the upgrade may fail. We would highly recommend looking into why this occurred and updating your Jetpack manually. Again, you can respond to the email if you need assistance.

– A notice that your WordPress was updated (plugin update). This means your site is now protected from the exploit.

If you have any questions/concerns regarding the update, please login to https://secure.lightningbase.com and open a ticket – we will be happy to help.



Author : Chris Piepho

Chris is the founder of Lightning Base. You'll find him all over around here - writing on this blog, providing customer service, and handling whatever else needs to be done. You can reach him easily by filling out our contact form and addressing your message to Chris.

WordPress 3.8.2 and OpenSSL Heartbleed Vulnerability
WordPress 3.8.3 and 3.9

Menu

  • Home
  • Tour
  • Pricing
  • Contact
  • About

Archives

  • December 2018
  • June 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • September 2015
  • August 2015
  • July 2015
  • May 2015
  • April 2015
  • February 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • May 2014
  • April 2014
  • September 2013
  • June 2013
  • April 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • May 2012
  • March 2012
  • February 2012
  • January 2012

WP Host

Lightning Base: Making WordPress faster, easier, better. Take the tour or get started today.

From the Blog

  • WordPress 5.0

    WordPress 5.0 will be released tomorrow, December 6th. This is one of the largest updates WordPress has seen in a long t...

  • WordPress 4.5.3 Security Update Released

    WordPress 4.5.3 was released today, as announced on WordPress.org. The Update This is a security update, it is important...

  • Public Beta Invite: HTTP/2, HTTPS Caching

    We've been working on changes that enable HTTP/2 and built-in caching for HTTPS sites/pages for several months now. At t...

  • Beta: Free SSL via Let's Encrypt

    We have seen an increasing number of clients interested in SSL (https) for their WordPress sites in the past year or so,...

Menu

  • Home
  • Tour
  • Pricing
  • Contact
  • About
  • Affiliates
  • Client Login

© 2020 Lightning Base LLC. All rights reserved. | Privacy Policy | Terms of Use