Website Security

New WordPress Vulnerability Revealed

Robert Wakefield
31 August 2018

WordPress is, yet again, under fire after reports of a new vulnerability in the system’s PHP framework. Secarma, a leading cybersecurity firm, has reportedly uncovered a significant vulnerability in the system. According to Secarma, the ‘unserialization’ in WordPress code could enable hackers to upload seemingly harmless files and then trigger a file operation which would unserialize metadata. Referred to as a ‘critical vulnerability’, the flaw could expose a large number of sites to malicious code if hackers use the security lapse to attack them.

Despite ongoing security issues, WordPress remains a popular content management system, with large numbers of businesses still using the system to deliver their content to users. The latest vulnerability means, however, that approximately 26% of the websites on the internet are now vulnerable. Furthermore, it’s estimated that 30% of the top 1000 websites are delivered via WordPress. With the unserialization of metadata potentially causing a complete system disruption or compromise, many businesses could see their web presence obliterated due to this particular WordPress vulnerability.

Perhaps most worryingly, reports suggest WordPress originally became aware of this particular vulnerability in early 2017. Despite this, WordPress has yet to take action, meaning site owners and users have been left in an increasingly vulnerable position for well over a year. Hardly surprising though, as WordPress is (technically) not owned by anyone: it belongs to the WP community, in other words, everyone. Is this perhaps the biggest flaw of all in WordPress? Most other web development platforms actually have ‘owners’ as well as a large technical support team to jump in when vulnerabilities like this occur.

Many smaller businesses (and web designers) are attracted to WordPress because it’s essentially free to use; but ‘free’ comes with a price, and the cost of having a developer try to re-secure your business website after a serious security exploit would far outweigh any freebie benefits. A case of ‘All that glitters ain’t gold’, maybe? We’ll let you decide.

Why Is Security So Important?

Few companies are resilient enough to recover from a widespread security threat and a complete system compromise could spell the end for a number of SMEs. As well as the inevitable downtime and loss of trading caused by a security breach, the bad PR and loss of user confidence could make it impossible for companies to recover from a threat to their security. In addition to this, companies are facing increased penalties and fines for data breaches. If hackers gain access to a site’s content, they could potentially steal or release company and user data, resulting in hefty sanctions for the company in question.

For businesses with an online presence, web security should be your number one priority and having a secure CMS is vital. By providing a safe and secure site, you can ensure you’re complying with the relevant legislation, that your site remains active and up-to-date, and that your users can have confidence in your company.

Keeping Your Site Secure

By its very design, WordPress is open to numerous vulnerabilities. While the use of plug-ins may appear to offer site managers additional choice, they can lead to a number of cracks through which hackers can gain access to the site.

Instead of relying on potentially dangerous plug-ins, Siteglide delivers a seamless content management system, with all the features you could need already available and functioning. Hosted on AWS servers, Siteglide is fully managed and hosted, providing a reliable, fast and secure service. Owned and maintained by a UK software company, Siteglide is rapidly gaining international popularity due to its robust core technology, excellent technical support, and virtually limitless capabilities.

With integrated marketing tools and analytics built in to the system, you can use Siteglide to manage your marketing activities, as well as your content. What’s more – you don’t need any technical experience in order to use the Siteglide CMS or tools.

To find out more, contact Siteglide now.
