Today, we released an update to the VaultPress plugin (1.3.2) to protect against a recently identified security vulnerability in the WooThemes framework.
We’ve already pushed version 1.3.2 of the VaultPress plugin to all sites with a WooThemes file for which we have credentials. Those sites are now protected against the vulnerability.
If you have the WooThemes framework installed and you’re not running version 1.3.2 of the VaultPress plugin, we were not able to update your plugin to close the vulnerability. Please download version 1.3.2 of the plugin and install it to protect your site. Better yet, enter your site’s FTP credentials in the VaultPress dashboard. In your dashboard, click Configure FTP, MySQL, & SSH to enter the FTP credentials. When you’ve got that done, send us a note and we’ll update your plugin for you. Providing your FTP credentials will allow us to push VaultPress plugin updates to your site automatically, which will keep your site protected against known vulnerabilities.
We recommend that you update your WooThemes framework. From the WooThemes blog:
“We recommend all users update their themes to the latest version, it’s really easy. Click the “Update Framework” button in our theme framework in the WP backend to grab and install the latest version.”
Remember, to keep your site secure, keep WordPress, your plugins, and themes up-to-date. All users accessing your WordPress admin area should use strong passwords and make sure you delete plugins and themes that you’re no longer using.
Learn more about how VaultPress can protect your content, theme, plugin, and site settings and customizations. Contact us with questions, or sign up to protect your site.