4.7 REST API Vulnerability
2016 saw the launch of the latest version of WordPress, and we're at 4.7 now. It's packed full of new high-tech features, including the REST API, a huge hit with developers because it makes it easy to integrate a website with mobile and web applications. Unfortunately, at the end of January a vulnerability was identified in the REST API.
This bug gives hackers the ability to insert, change or delete a blog post on a website without logging in. It is estimated that 1.5 million pages have been infected, and a large number of Irish-owned websites are counted in this figure. Unfortunately, this includes some of our own clients who chose not to invest in the Annual Maintenance Service (€750 p.a. per site).
Take Action Now!
If you have version 4.7 or 4.7.1, you must update to the latest version, 4.7.2, or else your site will remain vulnerable to the hack. If you're not sure, log into the admin side of your WordPress website; the screenshot below shows you where to identify your version.
If you are still not sure and you are interested in our support, email us with a link to your site and we’ll let you know.
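The version check above can also be run from the server's file system, which helps when several sites share one host. This is an added example, not part of the original post: it reads `$wp_version` from each install's `wp-includes/version.php` and flags 4.7 and 4.7.1. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag WordPress installs still on the versions this post
# names as affected (4.7 and 4.7.1). Function names are illustrative.

# Print the core version recorded in <wp_root>/wp-includes/version.php
# (prints nothing if the file is missing or has no $wp_version line).
wp_core_version() {
    sed -n 's/^[[:space:]]*\$wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Classify a version string against the releases the post lists.
wp_rest_status() {
    case "$1" in
        4.7|4.7.0|4.7.1) echo VULNERABLE ;;   # must update to 4.7.2
        "")              echo UNKNOWN ;;      # version could not be read
        *)               echo NOT_AFFECTED ;; # not one of the listed releases
    esac
}

# Walk a directory tree and report every WordPress install found in it.
scan_wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        root=${f%/wp-includes/version.php}
        ver=$(wp_core_version "$root")
        printf '%s\t%s\t%s\n' "$(wp_rest_status "$ver")" "${ver:-?}" "$root"
    done
}

# Constructed sample tree (not real sites) so the scan can be tried offline.
make_sample_tree() {
    d=$(mktemp -d)
    for v in 4.7 4.7.1 4.7.2; do
        mkdir -p "$d/site-$v/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "$v" > "$d/site-$v/wp-includes/version.php"
    done
    echo "$d"
}

# Usage: sh check-wp.sh /path/to/webroots
if [ "$#" -gt 0 ]; then
    scan_wp_installs "$1"
fi
```

Run against the sample tree, the scan reports two installs as VULNERABLE and one as NOT_AFFECTED, one tab-separated line per site.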
If you’ve noticed issues with your blog and wonder if your website was hacked, stay calm and contact us. One good thing to note is that the issue just affects the content of the blog posts, and we will be able to resolve the issue for you.
However, prevention is definitely better than cure in this case. To avoid any downtime, the best approach is to keep the plugins and WordPress itself up to date with the latest versions available (but get a developer to do this!). Also, there are often security fixes available on the latest WordPress version. Inspiration can provide monthly support for your WordPress sites, where our technical team reviews the site each month, makes backups and updates WordPress and the plugins. If you should have a hack subsequently, we will automatically replace the site with the latest clean version we have backed up. This not only provides peace of mind; ultimately it is likely to be more cost-effective than dealing with downtime and fixes.