The latest release of WordPress fixes seven security vulnerabilities. If you have not yet upgraded to a secure version of the software, don’t delay.
These vulnerabilities could expose sensitive data, allow the creation of unauthorized posts, and more. For full details, check out the WordPress blog or the Wordfence blog, both of which explain the issues.
How can you keep your WordPress site safe every day?
- Update the WordPress software on your website.
Using an up-to-date version of the software is your best defense.
- Keep plugins and themes up to date.
This is key to keeping your site safe.
- Verify your users.
Remove anyone who should not have access anymore, and reduce permissions when possible. If a user is only writing content, grant him or her author access, not administrator access.
- Check your passwords.
Make sure you are using a secure password. Use a password manager.
- Set up a firewall.
Wordfence and Sucuri are both good options for protecting your website with a firewall.
- Run regular code scans on your website.
Automated scans can alert you immediately if your code has been altered.
- Remove anything you aren’t using.
By removing unused themes and plugins, you actively decrease the attack surface of your website.
- Keep regular, off-site backups.
A clean backup will help you restore your website in the event something does happen. Be sure to store the backup elsewhere so you can access it even if you lose access to your hosting account.
But what about Gutenberg?
WordPress 5.0.1 includes the Gutenberg editor, also called the block editor, which is a positive but large change. If you’re not ready to make the jump yet but want your website to remain secure, you can upgrade to a secure version of an earlier branch, like 4.9.9. If you need help pursuing this option, get in touch with us.