
WordPress 4.7.2 – critical update

If you are running WordPress, and you are not completely stupid, you have automatic updates enabled. In this case, your WordPress just updated itself to 4.7.2, because of a critical bug in the WordPress REST API.

The release information explains the security content of the 4.7.2 update and why one fix was explained only after the fact.

Hanno Böck has an opinion piece (in German) about why WordPress is still the most secure CMS. He explains how WordPress structurally separates local site modifications from the core, and how this enables them to provide an automatic update procedure – which you should enable. Joomla, TYPO3 and Drupal should change and copy that invention.
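To check an installation against both points (core at 4.7.2 or later, automatic updates not switched off), the following added example, which is not from the original post or from WordPress itself, reads the version from `wp-includes/version.php` and looks for the updater constants `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` in `wp-config.php`. It assumes the standard layout with `wp-config.php` in the site root; the tree audited in `demo()` is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 7, 2)  # the release this post is about
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
# Matches uncommented define( 'NAME', value ) lines for the two updater constants.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](AUTOMATIC_UPDATER_DISABLED|WP_AUTO_UPDATE_CORE)['"]"""
    r"""\s*,\s*([^)]+?)\s*\)""", re.MULTILINE)

def parse_version(text):
    """Return $wp_version as a 3-tuple, or None if it is not found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split("-")[0].split(".") if n.isdigit()]
    return tuple((nums + [0, 0, 0])[:3])

def audit(root):
    """Return (version, findings) for the WordPress tree at root."""
    root = Path(root)
    findings = []
    version_file = root / "wp-includes" / "version.php"
    version = parse_version(version_file.read_text()) if version_file.exists() else None
    if version is None:
        findings.append("version-unknown")
    elif version < FIXED:
        findings.append("core-older-than-4.7.2")
    config = root / "wp-config.php"  # assumption: config lives in the site root
    text = config.read_text() if config.exists() else ""
    consts = {k: v.strip("'\" ").lower() for k, v in DEFINE_RE.findall(text)}
    if consts.get("AUTOMATIC_UPDATER_DISABLED") == "true":
        findings.append("all-auto-updates-disabled")
    if consts.get("WP_AUTO_UPDATE_CORE") == "false":
        findings.append("core-auto-updates-disabled")
    return version, findings

def demo():
    """Audit a constructed sample tree (not a real site) in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "wp-includes").mkdir()
        (Path(d) / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '4.7.1';\n")
        (Path(d) / "wp-config.php").write_text(
            "<?php\n// define( 'AUTOMATIC_UPDATER_DISABLED', true );\n"
            "define( 'WP_AUTO_UPDATE_CORE', false );\n")
        return audit(d)

if __name__ == "__main__":
    print(demo())
```

The check only compares against 4.7.2 and does not account for security releases backported to older branches; defines inside `/* ... */` block comments are not filtered out.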

If you are running WordPress, you may also want to install plugins such as Wordfence, Google Authenticator (for 2FA), Security Ninja (for a quick security audit) or similar. A general overview of hardening a WordPress installation can be found in the Codex.

EDIT: Over at Wordfence, they have an article about login vs. XMLRPC attacks on WordPress installations, with some statistics.
