According to the Wordfence security newsletter, a WordPress plugin security fix was just posted for the popular CommentLuv plugin. This fix addresses a cross-site scripting (XSS) vulnerability that was discovered and quickly remedied by the plugin author. My Website Management Program clients using CommentLuv have been updated. If you are using CommentLuv, be sure to update it as soon as possible to eliminate this security flaw.
A Cautionary Tale
I moderate a Yahoo group and noticed that last week we got spam messages from three of our members. This is quite unusual, although we’ve had the occasional spam link posted to the group when someone’s email account was hacked. Having three posted in one day was way out of the ordinary. I noticed that all three members had Yahoo mail accounts. I put them all in moderated mode and warned them of the problem so that they could change their passwords and scan their computers for malware in case a trojan had found its way onto their respective machines.
I learned today from the same Wordfence newsletter that Yahoo had had a security breach that affected some of their email accounts. The source of the breach? An old version of WordPress that the Yahoo developers had left lying around and forgotten about! This is a prime example of why it’s so important to keep WordPress updated to a very recent, if not the latest, version. The WordPress developers are very good about plugging security holes as they’re discovered and issuing updates to keep our WordPress sites as secure as possible.
This is why my Website Management Program exists. Most people have enough to do just running their business without having to worry about updates and security patches. Keeping my clients’ sites safe and secure is my number one priority.