Hi! We have security news for all WordPress website owners. We are subscribed to most if not all the best security systems that exist in the WordPress webspace, and we receive information like this on a daily basis, for smaller and sometimes bigger security vulnerabilities found mostly in the WP plugins world.
Our VIP WebCare clients receive immediate version updates/patches for the threats discovered and they are informed promptly. However, from now on, we have decided to inform everyone about the most critical security updates as we know that most of you use WordPress.
So what happened with UpdraftPlus?
Long story short, a vulnerability was discovered in the popular WordPress plugin UpdraftPlus, used for creating local and remote (Dropbox, Google Drive, OneDrive) backup packages which the user can easily restore if there is an issue with the website. The vulnerability was discovered by security researchers and was immediately updated with a security fix.
This vulnerability allowed any user who is logged in to the website, to download backups made with the plugin. It is important to know that the backups also include critical information and files like configuration files that can be used to access the site database as well as the contents of the database itself. A lot of opportunities there for the bad actors to play with your website and its contents.
This vulnerability was patched in version 1.22.3 of UpdraftPlus plugin, and we strongly advise you to check if your site is using and running the most up-to-date version of the plugin.
Is this plugin that bad?
No, not at all. In fact, this is one of the most useful plugins for WordPress and it will continue being that by delivering its best backup functionalities and options. All plugins, all coded software, even Windows, Google Chrome, Facebook, and Apple’s software, all have vulnerabilities discovered from time to time. Are they bad software, not at all, we use them every single day! What is important though is that they need to be kept updated to the latest versions.
What can you do by yourself?
You can log in to the backend of your WordPress site and check if you are using UpdraftPlus WordPress Backup Plugin. You can check this by visiting the Plugins page on your admin dashboard menu. If you do see it there, make sure you update it to the latest version and make sure that version is at least 1.22.3 or higher.
What can we do for you?
We can have a call, and if you are interested we can put you on a WebCare plan. In that way, you can put your mind at ease, and we will take care of things like this one. And many more. Please read more about our WebCare service here.
How much will a WebCare Plan cost me?
That depends from case to case as we can plug or unplug modules in this service depending on what your website and your business need. However, it is good to know that our WebCare Plans start at $250/m and can go up as we add more services to it, with daily backups, security scans, security patching, security alert monitoring, website uptime monitoring, vulnerabilities, web trust, and malware scans, and many more related services. We can even integrate Page speed optimization for better SEO, broken links checking, Google Analytics reporting, content management, all that in a single WebCare plan. So, let’s have a chat, and let’s tailor a WebCare plan that will suit your business needs.