If there is one constant about the digital age in which we live, it’s that everything is always changing. As cliché as that may sound, it is absolutely true, and it carries with it the need to stay informed, up-to-date, and on top of things as best you can.
Specifically, software changes frequently. New features, enhancements, and fixes are often developed and published by the companies that provide the software you use. Occasionally we see patches pushed out which provide a fix for a vulnerability discovered in the software application. This could be anything from someone being able to gain access to your favorite social media account to someone being able to overtake your company’s website and put something else in its place.
Last week we saw the release of WordPress 3.0.4, which patched a critical security vulnerability discovered by WordPress’s security researchers. The vulnerability could allow hackers to use what’s called a Cross-Site Scripting attack to take control of a WordPress-driven website, lock out its owners, and alter it at will. Luckily, the WordPress community quickly released a fix for this vulnerability, urging people to upgrade right away, and corecubed leapt into action in order to implement the fix or our clients.
Does this mean we have lost any faith in WordPress? Absolutely not. This sort of thing happens all the time, unfortunately, and it even happens to companies who tout the most rigorous of security standards in their applications and software. The news is regularly strewn with blurbs about the latest exposures in credit card numbers and the hacking of popular websites, and WordPress was the latest in a long list of ongoing casualties.
What matters most in this scenario is how quickly fixes are implemented once vulnerabilities are discovered, and how transparent and forthcoming a company is when it happens. The short history of the digital age has proven that it is far better for a company to acknowledge that there is a problem and announce their plans to fix it than to garner mistrust or uncertainty by remaining silent.
What can you do?
Check for and apply updates
Many desktop applications will automatically update themselves or ask you to install new updates. You should always allow this to happen, especially when it’s something that can access the Internet, such as a web browser, or your operating system itself (Windows, Mac OS).
Web-based applications such as WordPress will do the same thing. As easy as it may be to ignore the nagging message about needing to upgrade there are reasons for it, and implementing a security patch is far less time consuming than trying to rebuild a website that was hacked.
What can corecubed do?
We can help implement fixes and patches when they are released. We encourage our clients to let us provide ongoing maintenance, backups, and patching for websites, taking this stress off their backs and helping to ensure their websites and web-based applications will continue to function.