This past week saw two WordPress plugin security alerts issued for extremely popular plugins: WordPress SEO by Yoast and Woocommerce by WooThemes. If you are using either of these plugins, please update immediately.
If you are a client of mine using either of these, you’re already updated. This is just to let you know in case you see one of the many alerts flying around.
This is also to alert those who are NOT currently clients of mine that you need to check your sites and be sure these plugins are updated if you’re using either or both of them.
How Do I Know If I Need To Update?
If you log in to your WordPress admin dashboard and there are updates available, you’ll see a red circle with a number in it at the top of the screen toward the left corner. Click on that circle to go to the Updates page and see the list of available updates. Be sure to apply any updates shown for WordPress (you should be on v4.1.1 by now) or plugins.
If there are theme updates showing, make sure that your active theme has not been modified in any way (you should be using a child theme to modify the theme’s behavior) before applying the update. If your theme has been modified, check with your theme developer before applying any updates.
Which Versions Are Safe?
WordPress SEO by Yoast should be at v1.7.4. All versions 220.127.116.11 or earlier have the security flaw and must be updated immediately.
Woocommerce should be a v2.3.6. Again, you must assume that all previous versions are compromised and need to be updated ASAP.
As always, be careful out there!
Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net