If you use WordPress, you’re advised to change your passwords pronto thanks to a cross-site scripting vulnerability that was recently spotted by Future Hosting. The host offers virtual private server (VPS) hosting and dedicated hosting, and in January noticed that there was a vulnerability present in WordPress.org sites. While many WP users utilize the WordPress.com site, just to play it safe all users are recommended to switch up their passwords—plus, it’s a good idea to do so at regular intervals anyway.
That dangerous code is ran in every browser of future visits to stage a full-on attack. Browsers, by design, trust these scripts to make for an enjoyable user experience. However, this is done by making authentication cookies (this goes for admin user cookies, too) vulnerable. According to Maulesh Patel, Future Hosting’s VP of Operations, “Many WordPress users have updated to the newest version, but we’re seeing a substantial number who have yet to upgrade and who are still vulnerable. We advise WordPress site owners to upgrade immediately and activate automatic upgrades on their WordPress site so that security issues of this sort can be mitigated immediately upon the release of a patch.
Don’t rely solely on WP’s automatic updates. They take care of just the smallest point releases, which likely won’t make your site vulnerable to hackers anyway. The major security repairs and preventions require some manual work. If a WP site gets compromised and isn’t addressed, they also become more vulnerable to other attacks and botnets. Having any site, including a WP one, requires regular updates and password changes.
Isn’t VPS Supposed to Be Safer?
As you might be wondering, if Future Hosting specializes in VPS and dedicated hosting, isn’t that supposed to be safer than basic shared plans? Yes, but these options are still not bulletproof. Plus, WordPress sites are some of the most popular and common in North America—you know that and so do hackers. Solely having a VPS site doesn’t make you immune to hack attacks, but it does mean your site is safer than if you went with a basic shared plan.
No matter what kind of hosting you have, it doesn’t take the place of regularly changing your password and opting for updates. It’s all part of being a solid online citizen and smart website owner. However, if you do still happen to have a basic shared plan, take the time to upgrade to VPS as well as schedule reminders for password changes.