The WordPress Vulnerability report is as follows.
WordPress Plugin :
The 5 best WordPress security plugins for complete site security
1. A firewall/malware scanner plugin
- Firewalls have been around for decades. At the basic level, a firewall is a piece of security software that works as a barrier between a trusted and untrusted network (a network refers to the internet infrastructure you use to access a website e.g. Airport Lounge Wi-Fi). More recently, firewalls have been added to web application firewalls (WAF), which protect specific applications such as WordPress.
2. An activity log plugin
- Unsecured WordPress logins are one of the easiest ways hackers can gain backdoor entry to your site. If you have no idea which actions your users are taking, it can be impossible to tell if a user account has become compromised.
- To track vital changes made to your website before it’s too late, you need to install an activity-tracking plugin such as WP Activity Log. It packs in a range of features that protect your website from malicious intruders who’ve tried to sneak in under the radar. Leading brands such as Amazon, Disney, Bosch, and Intel are already using it.
3. A plugin for password security
- Password security is of vital importance. One weak password could derail your entire site. Imagine for a moment that you run a sizable ecommerce store, and a hacker uses an automated brute-force program to guess the password of one of your Administrator user roles.
4. A plugin to enable two-factor authentication
- Sometimes it doesn’t matter how strong your passwords are. A hacker can quickly gain access to your website with stolen user login credentials. If you run a WordPress blog, your content creators could write their passwords on sticky notes and these could fall into the wrong hands.
- All those months and years of work to rank articles for your website could go to waste if they remove all of your highest-performing posts.
5. A file changes plugin or file integrity monitor plugin
- Regardless of the type of website you operate, you need to know of any changes made to critical files as they could have severe repercussions. Most file changes are harmless or desired improvements. However, in other instances, they could open up your website’s defences, unintentionally or otherwise.
WordPress News :
1. Millions of WordPress sites hit in wide-ranging attack
- A WordPress vulnerability present across millions of sites is being targeted by threat actors, according to security researchers. A number of the security bugs have only recently been patched, leaving a huge number of sites at risk.
2. Web hosting provider exposes details of millions of clients in serious security lapse
- Security researchers have discovered a huge data breach involving a web hosting firm, which may have threatened the privacy of some 63 million individuals.
- Security researcher Jeremiah Fowler, in collaboration with Secure Thoughts, discovered that an unsecured database hosted by US firm Cloud Clusters had potentially compromised usernames and passwords connected with Magento, WordPress and MySQL.
It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.