Update WordPress to protect your website, blog and visitors

Priority Level: High
31 January 2017

Widely used website and blogging content management system WordPress has issued an update to address security vulnerabilities that may enable unauthorised people to access sensitive systems and information.

WordPress has advised users to immediately update their sites to version 4.7.2 to protect themselves.

People use WordPress software to provide the design, features and support for their websites or blogs. However, an unauthorised person may be able to exploit a vulnerability caused by an unsafe plugin (software that adds a feature or function to an existing system) or theme (software that can be used to change the look and feel of a website or blog) to run their own commands on a user's WordPress database.

The unauthorised person may then be able to gain access to the user's WordPress system, delete information from the database, or add code to the website or blog to deliver malicious software such as viruses or spyware to online visitors.

The vulnerability is not present in the default WordPress installation.

You should be aware that WordPress plugins and themes may not be as secure as the code developed for the core WordPress product. As a result, you should exercise caution when installing plugins, particularly on live websites and blogs.

Plugin testing should always be undertaken on WordPress installations that are in development or being tested. Plugins should never be tested on systems in production.

Stay Smart Online recommends you set WordPress to automatically install updates. Any plugins or themes that your site uses should be updated regularly. Depending on the configuration of your WordPress installation, setting automatic updates for WordPress plugins may require technical experience.
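For administrators who look after several sites, one way to confirm that each has reached version 4.7.2 is to read the version string WordPress stores in `wp-includes/version.php`. The script below is an added example, not code from WordPress or Stay Smart Online; the function names and the sample site folders (`blog`, `shop`, `staging`) are constructed for illustration.

```python
import os
import re
import tempfile

FIXED = (4, 7, 2)  # the release this advisory says to update to
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", re.M)


def needs_update(version):
    """True if the version string is older than FIXED."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return True  # unparseable: flag it for manual review
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '4.7' is treated as 4.7.0
    core = tuple(parts[:3])
    if core == FIXED:
        return bool(m.group(2))  # a suffix such as '-RC1' predates the release
    return core < FIXED


def audit(root):
    """Return sorted (install_dir, version, needs_update) for installs under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in files:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                m = VERSION_RE.search(fh.read())
            if m:
                results.append((os.path.dirname(dirpath), m.group(1), needs_update(m.group(1))))
    return sorted(results)


def demo():
    """Build a constructed sample tree of three sites and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("blog", "4.7.1"), ("shop", "4.7.2"), ("staging", "4.7.2-RC1")):
            inc = os.path.join(root, site, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
                fh.write("<?php\n$wp_version = '%s';\n" % ver)
        return [(os.path.basename(d), v, old) for d, v, old in audit(root)]


if __name__ == "__main__":
    for site, ver, old in demo():
        print(site, ver, "UPDATE NEEDED" if old else "ok")
```

To check real sites, call `audit()` with the folder that holds your WordPress installations. The script only checks the core version; plugins and themes still need to be reviewed and updated separately.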

More information

WordPress has released detailed information on the update on its official site.

Stay Smart Online has information on enabling automatic software updates.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.