Find Out If You Use WordPress.Com or WordPress.Org

The most common question that many WordPress users struggle with is how to tell whether their website is on WordPress.com or WordPress.org. In this blog post, we share the most basic ways of telling the two apart.

The key difference between WordPress.com and WordPress.org is hosting.

Let us begin by defining web hosting. It is the process of space allocation on a web server for a website to store its files. These files that comprise a website (HTML, CSS, files and images) are made available for viewing online.

WordPress.org, often referred to as self-hosted WordPress, is usually set up with your own hosting provider, e.g. GoDaddy, Bluehost, 123 Reg, or a company like WP Support Specialists.

You can customize your website design as needed, and you are also able to run custom analytics and tracking for your website.

On the other hand, you pay WordPress.com to host your website domain for you. This kind of website is easy to use and does not require installation. However, your website will not be completely under your control and the design and themes are limited.

With all that said, you are probably still wondering whether there is another way you can tell if your website is on WordPress.com or self-hosted. Yes, there is.

 A more practical way of checking the difference is by using your browser and following these simple steps:

  1. Open your browser and type your website’s domain followed by /wp-login.php. This takes you to your WordPress login dashboard.
  2. When your WordPress login dashboard appears, log in to your website’s backend with your username and password.
  3. Once you are at the backend, hover your mouse over the WordPress logo at the top left corner of the page.
  4. On the dropdown list, you will see either WordPress.org or WordPress.com


We hope this blog clearly illustrates how you can tell which WordPress hosting platform you are on.

If you have any further questions about how to tell if your website is on WordPress.com or WordPress.org, feel free to contact us here with your query.

Managed WordPress Hosting And Support

Managed WordPress hosting and support in a single, affordable package is hard to come by.  There are many companies offering fully managed WordPress hosting, and many others offering WordPress technical support – but few combine the two.

Really this makes no sense: websites need hosting and websites need maintenance – it’s just a fact of the digital world.  But WordPress website owners have to shop around to find the best managed WP hosting company for their needs.  Then most owners simply try to manage the regular maintenance themselves, without having any training or expertise in WordPress management.

And there are several disadvantages to these approaches:

1. Not All Website Hosting Is Created Equal

WEBSPACE

The size of a website dictates the amount of webspace it requires.  Around 1Gb is fine for small sites with modest website traffic, but the bigger the site, the more webspace it requires – those huge, complicated sites with 1000s of visitors or more per day are going to need hosting with unlimited webspace.

It’s not easy to predict the amount of webspace you will need for your site, which consequently makes it hard to find the right hosting package for you.

SERVER

Hosting can be shared or on a private server – again the best choice depends on the anticipated website traffic.  General shared hosting, as offered by companies such as GoDaddy, Bluehost and 123 Reg, means your site will share the server with other company websites. Consequently this type of hosting can be adequate for small sites where uptime and site speed are not critical, but far from ideal for sites with large volumes of traffic. In the latter case, website speed may be slow and if you have too much traffic, the site is likely to crash.

Private server hosting means you have resources that are not shared by others. This provides more power and flexibility than being on a shared account, but costs more.

For a WordPress website, it makes sense to choose WordPress specific hosting. It may be slightly more expensive than general hosting but is optimised for WP and ensures the website runs faster and can be more easily maintained.  But many of the “big names” in website hosting don’t offer this option.

In short, finding the right hosting package for your WordPress website can be tricky if you don’t know the right questions to ask.

2. WordPress Maintenance Isn’t All Plain Sailing

In theory, WordPress is a free platform available for all to use. The reality is that it is hard to maintain a WP site securely if you’ve taught yourself everything you know about the platform.

Many business owners don’t even appreciate the need to regularly maintain their website: it needs to be backed up regularly, to be monitored for malware, and plugin and core updates need to be done in a timely manner.

Even those who do realise regular maintenance is essential, don’t have all the skills they need to carry it out effectively. Or alternatively they get so caught up in the demands of their business, that the website maintenance gets overlooked all together.

The result? At some point or other the website is going to have problems. And at that point, WordPress support is needed – again another hassle for the business owner who has to try to find a company to help them as soon as possible.

 

For all of these reasons, we have created a Managed WordPress Hosting and Support package which offers reliable, WP specific hosting and expert support delivered by trained WP specialists.  We work with a modest number of clients, enabling us to provide a truly personal service for each one (quite different to the likes of GoDaddy and Bluehost who manage hundreds of thousands of customers).

If you’re fed up with your unhelpful WP hosting company, who tend to blame the WordPress platform itself for any problems you report, and you want quality support from friendly, WP experts then consider our managed WordPress hosting and support package.

 

 

Premium WordPress Hosting And Support

Premium WordPress hosting and support is ideal for companies with WordPress websites who want to leave the management of the site to experts so they can focus on their business.  As the name suggests, premium WordPress hosting and support comprises a top-notch service which includes:

  • WordPress specific hosting, designed to deal with the “application nuances” of this CMS and to ensure optimal caching and security for WP sites
  • A fast loading website which is essential for your website to please Google (and so show high in search results) and also to please your website visitors
  • The ability to quickly fix any security issues identified by WordPress
  • Regular maintenance of the website including daily back-ups, malware protection plus core and plugin updates
  • 24/7 WordPress support if things go wrong
  • WordPress support services delivered by experts who work solely with the WordPress platform and know everything there is to know

Whilst business owners realise they need to host their website via a third-party hosting provider, many mistakenly believe that they can support their site without external assistance; but unless they are an expert in all things WordPress, things have a tendency to go horribly wrong.

For example, WordPress plugins and core updates need to be made frequently, but if the whole website isn’t backed up properly first and something goes wrong, a lot of data is going to be lost.

Similarly if the site isn’t fully protected against hackers and malware, and actively checked for malicious behaviour on the site, it can become compromised.

At this point, business owners realise their error – they will have to search for WP experts who offer emergency support, and then pay out hundreds or thousands of pounds for the experts to investigate the problems and put everything right.  And during this process of course, the website isn’t working and the business is losing potential customers and sales.

How much more sensible it would have been to follow the “prevention is better than cure” philosophy.

For all of these reasons, we have created a WordPress premium plan which offers both fast, reliable hosting and superb support delivered by specific WP experts.  We support small businesses on a regular basis and pride ourselves on developing a personal relationship with them – not for us the impersonal approach of the “big” hosting companies such as GoDaddy and Bluehost where you are just one customer amongst hundreds of thousands.

Are you fed up trying to deal with your hosting company, who are slow to respond and then simply blame the WordPress platform itself for any below par performance? Do you need regular support from friendly, experienced WP experts to keep your website ticking over reliably? If yes, then consider our premium WordPress hosting and support package.

WordPress Website Security: 20 Ways To Give Hackers The Runaround

It’s a sad fact that malware and website hacking are an all too common reality.  Therefore it’s imperative to seriously consider your WordPress website security and take appropriate steps to keep it out of the clutches of hackers.

Our list below outlines 20 easy steps you can take to maintain your WordPress website security at a high level, and give those pesky hackers the runaround!

1. Secure the login page – the standard website login page can easily be reached by adding /wp-admin/ or /wp-login.php to the website URL.  Change this to prevent hackers from finding your login page with ease.

2. Change the admin username – never use “admin” as the username for your main administrator account.  Change it to something which hackers won’t be able to guess.

3. Password control – ensure your passwords are strong by using upper and lower case letters, numbers and special characters. Change them regularly.

4. Use a login captcha – add the captcha function to your login page to prevent robots continually trying to access your website.

 


 

5. Set up a lock down feature – use a plugin such as iThemes Security to lock down access after a predetermined number of failed login attempts. The user’s IP address also gets banned.

6. Protect the wp-admin directory – use a password to protect entry to this directory which is at the heart of any WordPress website.

7. Use an SSL (Secure Sockets Layer) Certificate – this encrypts data between the browser and website server, protecting it from attack by hackers.

8. Manage user accounts carefully – if you grant another user access, ensure that they too have a strong password.  When the user no longer needs access, ensure you deactivate their access.

9. Set appropriate levels of access – any user with admin access to your site can edit files, plugins and themes.  Manage this by giving users the level of access they need.  For example, if a user only requires to edit pages and posts and add new images etc. then they only need “Editor” level permissions, not admin.

10. Use security orientated plugins – eg. Sucuri Scanner and WP Security Audit Log

11. Use only reputable themes and plugins – only ever use themes and plugins from reputable suppliers, and ones which have been recently updated – which indicates they will be optimised as far as possible from malware threats and be compatible with others

12. Delete plugins or themes that you don’t use – if you’re not using them, you’re likely to forget to update them. So it is best to delete them to prevent hacking. This also helps to improve the speed and operation of your site.

13. Choose a secure hosting company – opt for the best hosting you can afford, ensuring that the company addresses security vulnerabilities on its own host.

14. Make regular secure backups – ensure your website is fully backed up, so in the event of hacking, you have the backup to revert to.  BackUpBuddy is a great plugin which automatically backs up your site.

15. Monitor for Malware – run regular Sucuri checks (which are free) but bear in mind that, depending on the infection, they don’t always show a problem.

16. Remove any malware as soon as possible – if your site has been infected, you may not be able to remove the malware yourself.  In that instance you will need to pay a WordPress specialist company to fix the problem.

17. Update core system as new versions are released – WordPress versions are regularly updated to fix bugs and prevent vulnerabilities that have been identified in the previous version.  Your dashboard helpfully shows when new versions are available.  However before doing any updates, ensure your site is fully backed up.

18. Update plugins as new versions are released – check for new releases in the plugin section of your website.  Before you update any plugins, ensure they are compatible with the core WordPress version you are using. Also make that all important website backup before you do anything.

19. Accessing your website – when logging in from your computer, ensure your PC is virus-protected by installing antivirus software (eg. AVG, Avira, Comodo).

20. Use some common sense!  Never log into your website on an unsecured network!

We hope you find these 20 tips about WordPress website security useful and that you’ll crack on with implementing them – the sooner you do, the sooner you’ll be giving potential hackers a much tougher time!

If you need help to maintain your WordPress website security – or indeed have any other WordPress related question – why not drop us a line? We’re sure we’ll be able to help!

Planned WordPress Maintenance – Is It Really Necessary?

You may have heard mention of planned WordPress maintenance, but even if you have a WordPress website, you may think it’s not strictly necessary.  And if that’s your view, then you’ll be one of thousands of WordPress managers who all feel the same way!

Shocking Statistics

The results of a 2015 WordPress survey conducted by CodeGuard frankly didn’t surprise us.  It seems a large majority of WordPress website owners aren’t too concerned about planned WordPress maintenance.

We weren’t shocked to hear that:

  • 21% of WordPress users back up their site ‘occasionally’
  • 26% of WordPress website managers have ‘some’ training
  • 22% of WordPress users think backups are unimportant

We have seen the fallout first hand from companies who fail to take precautions to ensure their WordPress website is not vulnerable to malicious hackers or malware.  We’ve held the hands of many a website owner that didn’t have WordPress maintenance in place and who ‘forgot’ to back up essential files – but then deleted them in the all too common curse of human error.  And we’ve had to sort out plenty of messes when WordPress plugin updates have gone bad.

Common WordPress Mistakes

WordPress is such a popular CMS, used by well over 20% of global websites, for the very reason that it is so easy to use.  But many users fall into a false sense of security – just because it’s easy to use they seem to completely overlook the fact that their WordPress website has the potential to go wrong!  Common mistakes made include:

  • No Backups – Hands up if you back up your website regularly.  Well done you – but hands down if you think that means once every 6 months.  Not carrying out regular backups (at least monthly) means your data is vulnerable to loss
  • Installing Unnecessary Plugins – we all love a nifty plugin but have you installed dozens of plugins which you aren’t actually using?  By not deactivating unnecessary plugins your website could be running slower than it needs to
  • Not checking the verity of free themes and plugins – you see a great free theme and go right ahead and install it, not checking to see if it is from a trustworthy source.  A high number of WordPress websites get infected by malware this way.
  • Human error – we are all prone to it but inexperienced WordPress users may make a big mistake just because of their lack of training in the software.

The Benefits of Planned WordPress Maintenance

When clients come to us with a WordPress emergency, we get their website back up and running as fast as possible.  And from that point on, our clients are sold on the idea of having regular WordPress maintenance carried out by WordPress experts.  They fully appreciate the ‘prevention is better than cure’ scenario.

A good website is fundamental to all businesses – and if it goes down, not only do you have to pay to get it up and running again, but business is being lost and reputation is being damaged every single minute it’s offline:

  • clients can’t contact you
  • clients can’t place their order
  • potential clients can’t find your website (and be sure that they won’t bother looking for you again as they’ll have found one of your competitors to match their needs)

Many companies can’t afford to have their own in-house IT support, so rather than cross your fingers and pray to Lady Luck, WP Support Specialists recommends a regular WordPress maintenance package that will give you peace of mind.  This will save you ££££ in the long run – consider it as an insurance policy for your online business presence so you can rest easy knowing your WordPress website is in the hands of experts.

Typical planned WordPress maintenance packages cover the following:

  • Secure backups
  • Backup restoration if required
  • Malware monitoring and removal
  • WordPress Plugin updates
  • WordPress core system updates
  • WordPress Theme updates

Just imagine being able to focus on your business knowing your website is in capable hands.  Think about being able to go away on that important business trip or a week away with the family without worrying that your website might go down.  We recommend regular WordPress maintenance for all WordPress websites!

Read more about the WordPress maintenance packages on offer from WP Support Specialists here.

 

Hacked Websites Report Q2 2016 – Is YOUR Website In Capable Hands?

Sucuri has just released its 2016 Q2 report on hacked websites based on the analysis of 9,771 infected websites. And it makes for an interesting read, particularly when you consider their final point:

“There is currently a sharp decline in the knowledge required to have a website, which is breeding the wrong mindset with website owners and service providers alike.”

They’re almost going as far as to say that too many hacked websites are the result of their owners, webmasters and hosting companies not doing what they should be doing to keep the website secure.

Which is a worrying thought for most people – is YOUR website in capable hands?

 

Let’s look at some of the findings from the Sucuri hacked websites report.

1. Which CMS Platforms Were Most Commonly Affected?

The most common hacked websites were those using WordPress (74%), Joomla (16%) and Magento (8%). This in part is a reflection of the usage of these different platforms – WordPress absolutely dominates the world of website CMS platforms making up 59% of all CMS, then Joomla 6.2% and Magento at 2.8%* – and the more websites there are using a particular CMS, the more infected sites there are likely to be.

Indeed Sucuri states early on in the report that the data does not imply that WordPress, Joomla or Magento are more or less secure than other platforms – in most cases, the problems seen were little to do with the core system, but far more to do with webmaster and hosting mistakes!

2. In-Date or Out-of-Date Software?

Sucuri reviewed whether the CMS being used was fully up-to-date at the point the website was infected, or not. CMS updates and patches are released regularly to ensure the systems work at a high level of security, but unfortunately many webmasters don’t maintain their sites rigorously, and allow them to become out of date.

And as Sucuri so succinctly says, “With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.”

Of the 9771 websites examined, Sucuri discovered an amazing:

• 55% WordPress sites were out of date
• 86% Joomla sites were out of date
• 96% Magento sites were out of date

making it easy to see a clear relationship between infected Joomla and Magento websites and webmasters who aren’t maintaining their sites properly.

3. Focus on WordPress

As the world’s most popular CMS, the cause of attacks on WordPress websites was examined in greater depth.
Three out-of-date and vulnerable WordPress plugins were responsible for 22% of all the WordPress compromises, and the frequency of each responsible plugin is shown below:

• Revslider (46%)
• TimThumb (27%)
• Gravity Forms (27%)

Since each of these plugins has had fixes available for more than a year (TimThumb since 2011, Gravity Forms since December 2014, and RevSlider publicly disclosed in September 2014), the fact that 22% of all the infected WordPress websites were still using at least one of them is of concern.

Sucuri concludes that the WordPress community still faces a challenge in making website owners and webmasters aware of patches and fixes and encouraging them to keep their websites up-to-date and secure.

4. Malware

The most common malware families responsible for the hacked websites were

• 71% Backdoor (files used to reinfect and retain access)
• 60% Malware (browser-side code used to create drive-by downloads)
• 38% SPAM-SEO (compromise that targets a website’s SEO)
• 8% HackTool (exploit or DDoS tools used to attack other sites)
• 7% Mailer (spam generating tools designed to abuse server resources)
• 3% Defaced (hacks that leave a website’s homepage unusable and promoting an unrelated subject)
• 3% Phishing (attackers trick users into sharing sensitive information, e.g. login information, credit card data etc.)

The worrying thing to note here is that 71% of all infected websites had backdoor attacks which allow the intruders to bypass controls without presenting any external signs of hacking to website visitors. These backdoors are particularly effective as they can’t be detected by most website scanning technologies.

SPAM-SEO hacks were also on the rise – up to 38% in Q2. This is where the sites were infected with spam or redirected web visitors to spam pages such as content about Viagra, casinos, porn etc.

5. Blacklisting

Nobody wants their site to be blacklisted by Google, Norton or McAfee as it can damage the company’s reputation enormously, can adversely affect search rankings and also cause havoc with email systems.
However the research into which infected websites were blacklisted provided some startling statistics: only approximately 18% of the infected websites were blacklisted.

So that means that 82% of the 9,771 websites examined were free to distribute malware!

 

IN CONCLUSION – A large proportion of hacked websites arise simply because the CMS core system, the plugins, the scripts etc have not been kept up-to-date.

Even if a malware attack doesn’t cause your site to crash, there are several reasons your website visitors will flee when your site is hacked.  Furthermore infected sites can get blacklisted by Google – or perhaps even worse – keep on functioning and spreading malware to all your website visitors.

It is impossible to over emphasise how important regular maintenance is to reduce your website’s vulnerabilities and help secure it against attack.

Are you sure that YOUR Website is in capable hands?

See the full Sucuri Hacked Website report here

WP Support Specialists is a global WordPress support business dedicated to WordPress and WordPress alone! We offer emergency support and regular WordPress maintenance packages. If you want to have a no obligation chat about how we can keep your website secure, please get in contact.

* Data taken from W3Techs

Is Your UK Website One of the Half a Million at Risk?

According to the Federation of Small Businesses, there were over 5 million small to medium-sized enterprises (SMEs) in the UK at the end of 2014.  Since nearly 25% of websites globally use WordPress, we can estimate that there are 1.25 million UK WordPress websites supporting UK SMEs.

No surprise there.  But the shocking fact is that a high proportion of these websites are not being updated regularly. w3techs.com reported that 23% of WordPress websites they surveyed had not been updated to the current version, and our own small survey of 250 UK websites showed that 75% weren’t using the current version!

It’s possible to crunch the numbers and conclude that between 290,000 and 937,500 UK WordPress websites are probably out of date – let’s just call it half a million.

So does this indicate that half a million business owners don’t care about their website?  Are they not bothered about malware, hackers and how they might consequently lose clients? Are they indifferent to the improvements that each new version of WordPress offers its users?

Surely not.  It’s far more likely that most SME owners have simply no idea about the importance of regularly updating their WordPress website.

So let’s reiterate the importance of updating your WordPress website.

Firstly you need to understand that WordPress issues Major and Minor releases.  Major updates (two digit releases eg. 3.9 and 4.2) include code changes and new features. Webmasters need to upgrade their own website manually with these. The Minor updates (three digit releases eg. 4.1.4 and 4.2.1) are intended to fix bugs and patch security issues.  These are automatically installed on the website.

By keeping your WordPress website up to date, you’ll reap the following benefits:

  1. Improved Security

Hackers are unfortunately a way of life nowadays and they are always trying to infiltrate WordPress websites to cause mischief and havoc – ranging from loss of data, sending inappropriate communications to your customers and trying to spread their evil far and wide.

Fortunately because WordPress is an open source platform, the massive community of developers and users will quickly spread the word if a security vulnerability is found in the current version.

For people with an updated website, minor releases to fix the vulnerability will be installed automatically.  But if a business owner has let the website version control lapse, the website will have to be updated manually to take advantage of these critical security improvements.  If they don’t, their website is at significant risk from hackers.

The problem is that manual updates are quite complicated for people who aren’t experts in WordPress.  There are a number of hints and tips found on the WordPress.org website such as never upgrade across more than 2 major releases at one time.  The manual process also requires that you back up your database and files, check the backup has worked and deactivate plugins before you can start to update your WordPress version.

If you care about the security of your website and don’t want to lose clients and income due to a hacked website, then you must keep your WordPress version regularly updated.  If your website is powered by a very old version (3 or before) you will probably need expert help to get you up and running on the current version.

  2. Better Website Performance

Major WordPress updates come out 3 or 4 times a year and are intended to improve your website performance, often by offering more functionality.  For example, new features in version 4.2 included better updates from the Add Plugins screen, Emoji Support and an improved ‘Press This’ feature.

After a Major update, many plugins will also get updated to maintain their compatibility with the core WordPress site and to take advantage of the new features.

If you want a website that performs well and offers all the most recent features of WordPress and associated plugins, you need to update your WordPress version regularly.

Summary – Considering the statistics about WordPress updates, it seems clear that SME owners really don’t understand the importance of keeping their WordPress website updated. But perhaps after reading this article, they will check the WordPress version powering their website, and update it without delay!

10 Foolproof Ways to Improve Your Website Security

According to a recent post by Sucuri, the increased number of tools and applications which enable individuals and companies to set up their own website might be a great thing, but the downfall is that many people don’t know how to make their websites secure – in fact many webmasters aren’t aware of the importance of keeping their website secure.

So what are the top 10 ways all webmasters should be ensuring their website security?

1. Regular Updates

When a new plugin or CMS version becomes available, your site must be updated at once.  Hacking bots are automated and constantly look for vulnerabilities in websites. If you don’t want your website to be hacked, keep it up to date.

2. Password Security

Sucuri notes that many webmasters have passwords that are ridiculously easy to crack using password-cracking programmes.  Any password that contains a real word is more likely to be guessed than a password that is created from a truly random combination of letters, numbers and symbols.

The solution?  Ensure your password is unique, long and complex.

  • Unique – don’t use the same password for different programmes or accounts. If a hacker finds your website password, it shouldn’t give them access to your email or your online banking.
  • Long – at least 12 characters
  • Complex – only a random string of characters will do

Of course it will be almost impossible to remember a complicated, random 12 character password – and Sucuri recommends you use a password manager such as “LastPass” (online) or “KeePass 2” (offline).

3. One Website per Server

When you have a web hosting plan that enables you to host many websites on one server, it is tempting to do so.  But Sucuri points out that if a hacker gets access to one of the sites, the infection will spread to the others very easily.  Furthermore, the clean-up operation becomes more complicated as the infected sites keep on reinfecting one another as you try to weed out the virus.

Best security advice?  One website per server.

4. Manage User Access

Invariably you will need to give several users access to your website.  But make sure each has their own user access, with the appropriate minimal level of access that they require to perform their job. This not only reduces the impact of any compromised accounts, it also enables you to monitor what the users are doing when they access your site.

5. Alter Default CMS Settings

When installing your CMS make sure you change the default settings.  This will help protect against attacks which look for the default settings being used.  Even if you didn’t change them during the installation procedure, you can change them at a later date.

6. Choose Extensions Carefully

There are so many extensions and plugins available but you need to choose which you opt for carefully.  Sucuri recommends the following key points to help choose your extensions with security in mind:

  • Download from a legitimate source: many sites offering free extensions which seem too good to be true often are – these extensions are likely to be infected with malware.
  • Check Date of Updates: if the extension hasn’t been updated in over a year, it’s unlikely you’ll get support from the author if there are security issues. Choose an extension that is currently supported by the author.
  • Experience of Developer: an experienced developer is more likely to know about best security practices and will ensure their extensions are safe to maintain their own reputation

7. Backups

It’s not enough to backup your website – you need to make secure backups.  Don’t store your backups on your web server as they often contain unpatched versions of your CMS which can give hackers the server access they want.

8. Server Configuration Files

By accessing your server configuration files, you can set server rules which will improve your website security. Sucuri recommends adding the following rules for your web server as a minimum:

  • Prevent directory browsing – this stops hackers seeing the directory contents on your website
  • Protect sensitive files – you need to put some locations on lock down eg. CMS configuration files (as they contain the database login information) and other administration areas.
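The two minimum rules above, written out and checked, as an added example that is not from the original post or from Sucuri. It assumes Apache 2.4 `.htaccess` syntax and a WordPress site (so the configuration file is `wp-config.php`); the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: check an Apache 2.4 .htaccess for the two minimum rules above.
# Assumptions: Apache 2.4 syntax, a WordPress site (wp-config.php), and the
# function names below, which are made up for this illustration.

# Write a constructed, hardened sample .htaccess to the path given in $1.
write_hardened_htaccess() {
    cat > "$1" <<'EOF'
# Prevent directory browsing
Options -Indexes

# Protect the CMS configuration file (it holds the database login)
<Files "wp-config.php">
    Require all denied
</Files>
EOF
}

# Print the name of each rule missing from the file in $1, one per line.
# Prints nothing when both rules are present. Commented-out lines do not count.
missing_rules() {
    f=$1
    # Rule 1: an active "Options" line that switches Indexes off.
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$f" ||
        echo "directory-browsing"
    # Rule 2: "Require all denied" inside a <Files> block for wp-config.php.
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inside = 1; next }
        line ~ /^[ \t]*<\/files>/ { inside = 0 }
        inside && line ~ /^[ \t]*require[ \t]+all[ \t]+denied/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$f" || echo "config-file-access"
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
write_hardened_htaccess "$demo_dir/hardened"
# Constructed weak file: listing explicitly enabled, the fix only in a comment.
printf 'Options +Indexes\n# Options -Indexes\n' > "$demo_dir/weak"
echo "hardened is missing: $(missing_rules "$demo_dir/hardened" | tr '\n' ' ')"
echo "weak is missing: $(missing_rules "$demo_dir/weak" | tr '\n' ' ')"
rm -rf "$demo_dir"
```
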

9. Use an SSL Certificate

Particularly important for e-commerce websites, the SSL Certificate encrypts data between the browser and website server meaning the data is protected from the Man in the Middle attack.  However Sucuri notes that SSL does not protect your website from hackers, nor does it stop it distributing malware – but it does protect visitor information and ensure you won’t get fined.

10. File Permissions

There are 3 file permissions available: read, write and execute, and each permission is represented by a number.  On installation, most CMSs have the permissions correctly configured so it’s not something you normally need to worry about.

However there is a lot of bad advice circulating around the internet – if you’re trying to find help about how to fix permission errors, people may advise you to change the file permission to 666, or folder permission to 777 – yes it will fix the errors but this is terrible security advice – these codes leave your site wide open to malware.
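Why 666 and 777 are a problem, and how to find and undo them, as an added example that is not from the original post or from Sucuri. The function names and the sample site tree are made up for illustration; the tree is built in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a site directory for world-writable files and folders.
# Permission digits are sums of read=4, write=2, execute=1, given for owner,
# group and others in that order. 666 (rw-rw-rw-) and 777 (rwxrwxrwx) both set
# the write bit for "others", so any account on the server can change the file.

# Print every regular file or directory under $1 whose "others" write bit is
# set, one path per line, sorted. Symlinks are ignored.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print how many such entries exist under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the "others" write bit from the flagged entries, leaving every
# other permission bit as it was (666 becomes 664, 777 becomes 775).
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree and print its path. File names mimic a
# WordPress install; the contents are empty.
make_sample_site() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads"
    : > "$root/index.php"
    : > "$root/wp-config.php"
    : > "$root/wp-content/uploads/logo.png"
    chmod 755 "$root" "$root/wp-content"
    chmod 644 "$root/index.php" "$root/wp-content/uploads/logo.png"
    chmod 666 "$root/wp-config.php"          # the "quick fix" for a file
    chmod 777 "$root/wp-content/uploads"     # the "quick fix" for a folder
    echo "$root"
}

# Demo: report, fix, report again.
site=$(make_sample_site)
echo "world-writable before: $(count_world_writable "$site")"
list_world_writable "$site"
fix_world_writable "$site"
echo "world-writable after: $(count_world_writable "$site")"
rm -rf "$site"
```
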

Conclusion – webmasters need to be aware that websites are being continually searched by automated bots looking for a way in to cause havoc.  But by following the recommendations from Sucuri, their website security will be dramatically improved.

Cross Site Scripting Vulnerability in WordPress

A cross site scripting (XSS) vulnerability in WordPress has been reported which affects multiple plugins.  This has come about due to developers’ erroneous use of certain popular functions that modify and add query strings to URLs.

Security company Sucuri has checked nearly 400 plugins and found a number contained the vulnerable code*.  However since there are thousands of WordPress plugins available, some of which are likely to be affected, everyone with a WordPress website should take immediate action to ensure their website is secure.

Action to be Taken:

  1. From your wp-admin dashboard, update out of date plugins now
  2. Check regularly for updates to WP plugins that you use and update them as soon as possible

If you want more information about this vulnerability and how to keep your WordPress website secure, please visit these links:

https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins

*Plugins confirmed to be affected by the XSS vulnerability

Alternatively if you need any assistance from WP Support Specialists, just Contact Us