Security Update for WordPress Core

An important security update was released today for WordPress. Version 4.5.2 fixes several vulnerabilities that could allow users to compromise your site. WordPress versions 4.5.1 and earlier are vulnerable and should be updated to the latest version of WordPress as soon as possible.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Once you’re running WordPress 4.5.2, you’re protected from these vulnerabilities.

We also recommend that you take this moment to ensure you’re running the latest and greatest version of VaultPress. You can do so by heading back to Dashboard → Updates in your WordPress dashboard. If an older version of VaultPress is listed on this page, you’ll have the opportunity to upgrade to the latest version with a single click. You can also find our plugin in the Plugin Directory.

By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.


Security Update for WordFence

An important security update has been released for the WordFence Security Plugin in Version 6.0.22. The security update fixes an XSS vulnerability that was reported by Matt Rusnak.

We have attempted to automatically upgrade all of our customers to the newest version of WordFence. You can verify that you’re running the latest version of WordFence Security on the Plugins page in your WordPress dashboard. We also added this security threat to our security scanner so anyone who begins using VaultPress after today will be notified of this threat.

If you have a site using WordFence but do not have VaultPress installed, you can protect yourself by upgrading under Dashboard → Updates in your WordPress dashboard.

As always, if you have any questions, drop us a line!


Security Update for Akismet

An important security update has been released for the Akismet Plugin in Version 3.1.5. The security update fixes an XSS vulnerability that was reported by Sucuri.

You can protect yourself by upgrading to the latest version of Akismet 3.1.5, under Dashboard → Updates in your WordPress dashboard.

We have released VaultPress 1.7.8 which will protect your site from this vulnerability. We have also attempted to automatically upgrade our customers to this newer version of VaultPress and Akismet. You can verify that you’re running the latest version of Akismet 3.1.5 on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!


Security Update for Jetpack

A couple of important security and maintenance updates have been released for the Jetpack plugin.

You can protect yourself by upgrading to the latest version of Jetpack 3.7.2, under Dashboard → Updates in your WordPress dashboard.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to exploit the contact form present in Jetpack through a specially crafted malicious email address. Jaime Delgado Horna of Listae also reported that Jetpack version 3.7.0 is vulnerable to information disclosure in certain hosting configurations.

Both of these threats have been addressed in the recent update.

We have attempted to automatically upgrade any VaultPress customers that are running an outdated version of Jetpack. You can verify that you’re running the latest version of Jetpack, 3.7.2, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!


WordPress 4.3.1 Security Release

WordPress version 4.3.1, a security update for all previous WordPress versions, was released today. This version of WordPress addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation (CVE-2015-5714). WordPress 4.3.1 also fixes twenty-six bugs! You can read the full announcement here.

To help keep sites using VaultPress secure, we have released a hotfix to proactively protect our users. A hotfix is essentially an immediate security fix delivered by the plugin to plug a vulnerability found elsewhere (either in WordPress core or another plugin). If you haven’t upgraded yet, the hotfix will protect your site until you are able to. Finally, we are also e-mailing all owners of affected websites with upgrade instructions.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Otherwise, you can download WordPress 4.3.1 directly. Once you’re running WordPress 4.3.1, you are protected from these vulnerabilities.

As a friendly reminder, VaultPress recommends enabling automatic WordPress updates if they are disabled on your website. By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.
