Comments on iThemes WP Vulnerability Report for 2022.06.15

This week’s iThemes WordPress vulnerability report has a couple of the more popular plugins for WP in it. Number 1, installed on 5 million websites, is the page builder plugin Elementor. This week’s 2nd place plugin, Ninja Forms, has 1 million installations.

If you are managing your own WP website I encourage you to check the entire report and make sure to apply any updates relevant to your website, or to disable and remove any plugin without an update. Here’s the link to this week’s report.

Thoughts

There are said to be over 55,000 WordPress plugins in the official WordPress.org plugin directory, and tens of thousands more out in other reputable and not so reputable online marketplaces. This week’s report had 20 newly discovered plugin vulnerabilities, with 17 of them having already been fixed and available via an update.

20 out of 65,000+ is a drop in the bucket and, IMHO, nothing to freak out about. 17 out of 20 already fixed/updated and available for download is not too shabby either.

It is notable that Elementor, with its very large user base, is on this week’s list. Yet, it is very reassuring that they have already fixed the problem and have an update available. Hopefully, the 5 million websites with Elementor installed are being looked after appropriately by their administrators.

If you are responsible for a website using Elementor, Ninja Forms, or any of the other plugins on this report you need to make sure that you are taking appropriate action to help keep your website secure.

Suggested Action Items

If I had a friend whose website had a vulnerability on it I would suggest that they do the following:

  1. Have Market Street take over software management (updates, backups, security log reviews, and more…) so that it is looked after by an experienced website support professional. 🙂

However, if they were determined to DIY it, here are some of what I consider to be “best practices” when making software changes to your website:

NOTE: Mumble, grumble, frickin’ lawyers…. Neither myself nor Market Street can be held liable for anything that happens if you follow these suggestions and damage your website. Every website is different and has its own unique software environment and hosting characteristics that must be taken into consideration whenever you make software changes.

  1. Confirm that you have access to multiple backups spanning several weeks or months for your website. Off-site backups should have been the 2nd thing installed and configured when setting up your website.
  2. Create a staging copy of your website.
  3. Log into the staging website, update the plugins on the staging website and test thoroughly looking for problems. It is rare, but, sometimes an update unintentionally creates a conflict with other software installed on your website.
  4. If you found problems with an update on your staging website, start diagnosing the conflict and contact the appropriate software vendor’s tech support teams to report it and hopefully help you work it out.
  5. If all goes well with your testing on the staging website, log in to the live website and make an off-site backup of your live website.
  6. Apply the plugin update to your live website.
  7. Test the live website thoroughly to confirm it is working properly. Don’t assume that because it worked on the staging site that the update will work on the live website without problems.
  8. Review your process of looking for and responding to routine updates and security updates. Make sure this is done frequently and often. Yes, that was a joke. Well, sort of, you really want to frequently check for updates.

PRO TIP: Make absolutely sure that you know how your backup software works, where your backups are stored, and how to access them if your website goes down. Additionally, you should test your backups on a routine basis to make sure that restoring works as expected when you need it most.
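The checklist above, as an added example that is not part of the original post: a small Python triage helper that reads a plugin inventory in the shape of `wp plugin list --format=json` (assumed field names name/status/update/version), applies the report's advice (update where a fix exists, deactivate and delete where none does), and renders the WP-CLI commands, backup first, to run against the staging copy and later the live site. The inventory, version numbers and report slugs are constructed sample values.

```python
"""Triage a WordPress plugin inventory against a vulnerability report.

Added example. The inventory mirrors the shape of `wp plugin list --format=json`
(name, status, update, version); sample data and report slugs are constructed.
"""
import json

# Constructed sample in the shape WP-CLI emits; version strings are made up.
SAMPLE_INVENTORY = json.dumps([
    {"name": "elementor", "status": "active", "update": "available", "version": "1.2.3"},
    {"name": "ninja-forms", "status": "active", "update": "available", "version": "1.2.3"},
    {"name": "abandoned-widget", "status": "active", "update": "none", "version": "0.9"},
    {"name": "hello", "status": "inactive", "update": "none", "version": "1.7"},
])

# Constructed stand-in for the plugin slugs named in a weekly report.
SAMPLE_REPORT = ["elementor", "ninja-forms", "abandoned-widget", "not-installed-plugin"]


def triage(inventory_json, reported_slugs):
    """Map each reported slug to the action the checklist calls for."""
    installed = {p["name"]: p for p in json.loads(inventory_json)}
    plan = {}
    for slug in reported_slugs:
        plugin = installed.get(slug)
        if plugin is None:
            plan[slug] = "not-installed"          # nothing to do on this site
        elif plugin["update"] == "available":
            plan[slug] = "update"                 # fix exists: stage, test, then apply live
        else:
            plan[slug] = "deactivate-and-delete"  # no fix published: remove the exposure
    return plan


def wp_cli_steps(plan, site_path):
    """Render the plan as WP-CLI commands for one site copy, backup first.
    Run once with the staging --path, test, then again with the live --path."""
    wp = f"wp --path={site_path}"
    steps = [f"{wp} db export backup-before-update.sql"]
    for slug, action in sorted(plan.items()):
        if action == "update":
            steps.append(f"{wp} plugin update {slug}")
        elif action == "deactivate-and-delete":
            steps.append(f"{wp} plugin deactivate {slug}")
            steps.append(f"{wp} plugin delete {slug}")
    return steps


if __name__ == "__main__":
    for line in wp_cli_steps(triage(SAMPLE_INVENTORY, SAMPLE_REPORT), "/var/www/staging"):
        print(line)
```

The database export only covers the database; file-level backups (uploads, themes, wp-config.php) still need your regular off-site backup tool.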



Author:  Scott Cannon

Helping NPOs & businesses for over 30 years as a technology consultant. I now focus on helping people use their website and social media more efficiently and effectively.

I've been told that I'm friendly, helpful and honest to a fault. I wouldn't believe it if I hadn't heard it myself.   :-)
