Lightning Base

WordPress 4.1.2 and Plugin Security Updates

Tuesday, April 21st, 2015 / Posted in: Security / By: Chris Piepho

WordPress 4.1.2 was released today. This is a critical security release and should be applied to all existing sites. There has also been a notice put out regarding vulnerabilities in many plugins, which we’ll discuss below.

Core Update Process/Info

If you have our core updates for major or minor releases turned on, the site will be updated within 24 hours. Built-in WP automatic updates are also rolling out as I write this. Because this minor update contains important security improvements, I suggest everyone update as soon as they can.

Plugin Vulnerabilities

Yesterday there was a coordinated release of several updated plugins to fix an XSS (cross-site scripting) vulnerability. Some of these are very popular plugins; there is a list in Sucuri’s post announcing the issue. It is entirely possible that other plugins are also affected, as not all have been audited. My expectation is that we’ll see updates for less popular plugins as authors go through their code and look for instances similar to those fixed yesterday. Some of the affected plugins have had updates forced out by WordPress.org, but not all of the plugin authors opted in to this response.

Security At Lightning Base

The problems described above are serious, and the best response is to update everything right away. If you have our automatic plugin updates turned on, those will be automatically applied if the plugin is from WordPress.org, but we cannot apply updates to premium plugins that aren’t hosted in the repository (some of which are affected by these problems). Having said that, our system may keep your sites safe even if they have vulnerable plugins.

We have tested some of the sample XSS attacks security researchers have published regarding these vulnerabilities, and are seeing most of those blocked by our webapp firewall. Our automatic virus/exploit scanning and quarantining is helpful as well – it means many attacks will be stopped even after the initial compromise, and also alerts Lightning Base support so we can take a look at how an exploit occurred and attempt to put rules in place to block the vulnerability.

Keep Up To Date

Despite the protections Lightning Base provides, it is important to keep plugins, themes, and WP as up to date as possible. Our automatic update option is one good way to do this, but you can also opt in to the built-in WP updates, or use a management tool (wpremote.com, managewp.com, infinitewp.com, mainwp.com, ithemes.com/sync/, etc.) to efficiently manage and update a large number of sites. Running updates manually is great too if you’re working in the site on a daily basis.

Questions / Problems?

If you have any questions about security or run into problems with an update, don’t hesitate to log in to our https://secure.lightningbase.com client area and click the “Open Ticket” menu – we will be happy to help.



Author : Chris Piepho

Chris is the founder of Lightning Base. You'll find him all over around here - writing on this blog, providing customer service, and handling whatever else needs to be done. You can reach him easily by filling out our contact form and addressing your message to Chris.
