What do Gravity Forms, WordPress SEO by Yoast, WPML and WooCommerce have in common? Sure, they’re all massively popular and useful WordPress plugins, but I was thinking more of the fact that, over the past month or two, they’ve all had to release a number of security updates that address critical security flaws.
As I have written about before, WordPress in and of itself is very secure. It has a lot of eyes poring over the codebase and when issues are identified, patches are quickly made available.
The issue is that WordPress’ greatest strength is also its greatest weakness: plugins massively extend the capabilities of WordPress, but can also introduce security loopholes.
The developers of the plugins mentioned above are all top-tier developers and I would never question their ability. However, they’re human and mistakes get made. The important thing is that once they’re identified, they’re resolved and fixed quickly, which was the case with all of these. However, that only fixes the issue if you actually update your site with the patch.
When there’s a major security issue in the WordPress ecosystem, the chances are that unless I’m asleep, I’ll probably know about it before you, so when major issues like these come to light, I update my clients’ plugins immediately, regardless of whether they’re “due” for an update according to their plan.
Invariably, clients start asking if their site is protected after learning about a security flaw and the answer is almost always yes, and if it isn’t, it is in about 10 minutes.
Flaws like these highlight the importance of keeping your site up to date. If you’d like a WordPress expert to handle these updates for you, The WP Butler offers this service. If you’re concerned about how updates will affect your site, you may be interested in my “Eyes on your site” service, where I check over your site periodically and make sure that it’s running as it should.