Blogging Monthly - Get All The News & Updates About Blogging


Blogging Monthly 003 – WordPress Vulnerabilities and Google Mobile-First Indexing

March 08, 2020

The last month was quite active on the WordPress security front as well as in Google SERP changes. Let's talk about all of it in this Blogging Monthly episode.

Blogging Monthly Episode 03

Hey Everyone, welcome to another episode of the Blogging Monthly series. We have seen a lot of challenges to WordPress security in the last month. Several vulnerabilities have been identified, and hackers are using them to gain unauthorized access to WordPress sites. We will talk about those in this episode.

We have also seen a lot of changes to Google SERP crawling and indexing. Mobile-first indexing is coming to every site across the internet, so if you are not aware of it, this is a good time to look at those changes and make sure your sites are ready.

WordPress Vulnerabilities

So let's start with the WordPress security issues. In the recent past, we have seen a flurry of WordPress plugins affected by security issues. The plugins include Duplicator, ThemeGrill Demo Importer, Flexible Checkout Fields for WooCommerce, ThemeREX Addons, etc.

The good thing is that security patches are available for all the exploited WordPress plugins. So you should update your WordPress installation and make sure you are running the latest version of any of these plugins.

Here is a list of WordPress plugins which you should check and update if you are using them on your site.

Duplicator

A WordPress plugin to migrate or restore your WordPress site. The security issue allows attackers to upload unauthorized files to a folder or export the database access credentials. This can give them access to the complete site, including the database, and they can easily insert malicious code into your site. ThreatPost has published a detailed article about this vulnerability on their site -> Check Here.

ThemeREX Addons

A plugin that provides many supporting functions for ThemeREX WordPress themes. There has been an issue with the Addons plugin which can give unprotected access to a REST API endpoint.

The ThemeREX team was fast to patch the vulnerability, issuing the update in less than a day. Wordfence has a good, detailed article about the vulnerabilities of this plugin -> Check Here.
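The "unprotected REST API endpoint" class of bug comes down to a route that lets any visitor call it. Below is an added example, not code from the ThemeREX plugin or any other plugin named in this post: a WordPress REST route registered with no authorization check, next to the same route locked down with a `permission_callback` and argument validation. The namespace (`example-addons/v1`), route, option name and callback names are placeholders I made up for the illustration.

```php
<?php
/**
 * Added example (not the code of any plugin named in the post).
 * Shows the weak and the hardened way to register a WordPress REST route.
 * 'example-addons/v1', '/settings' and 'example_addons_demo_url' are made-up placeholders.
 */

// Weak: anyone who can reach /wp-json/example-addons/v1/settings,
// logged in or not, may write the option. '__return_true' disables authorization.
function example_register_unprotected_route() {
    register_rest_route( 'example-addons/v1', '/settings', array(
        'methods'             => WP_REST_Server::EDITABLE, // POST, PUT, PATCH
        'callback'            => 'example_update_settings',
        'permission_callback' => '__return_true',
    ) );
}

// Hardened: require a capability before the callback runs, and let WordPress
// reject requests that are not authenticated (cookie + nonce, or application password).
function example_register_protected_route() {
    register_rest_route( 'example-addons/v1', '/settings', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_update_settings',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                // 401 for anonymous callers, 403 for logged-in users lacking the capability.
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to change these settings.', 'example-addons' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        // Validate and sanitize input so the callback only ever sees a well-formed URL.
        'args' => array(
            'demo_url' => array(
                'required'          => true,
                'sanitize_callback' => 'esc_url_raw',
                'validate_callback' => function ( $value ) {
                    return false !== filter_var( $value, FILTER_VALIDATE_URL );
                },
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'example_register_protected_route' );

// Shared handler: writes the validated value to a placeholder option.
function example_update_settings( WP_REST_Request $request ) {
    update_option( 'example_addons_demo_url', $request->get_param( 'demo_url' ) );
    return rest_ensure_response( array( 'updated' => true ) );
}
```

Two points worth keeping in mind when reviewing a plugin's REST code: `permission_callback` decides authorization, not authentication, so a cookie-authenticated caller still needs a valid `X-WP-Nonce` header or the request is treated as anonymous and fails the `current_user_can()` check; and since WordPress 5.5, registering a route without any `permission_callback` raises a `_doing_it_wrong` notice, which is a cheap thing to grep for in a plugin's debug log.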

ThemeGrill Demo Importer

A plugin to import the demo content for ThemeGrill WordPress themes. At the time the exploit went public, the plugin was installed on almost 200,000 sites. Since then, many webmasters have uninstalled the plugin.

The exploit allows a remote user to wipe the database or reset it to a base install. After that, hackers can access the site with the default 'admin' user and password. The exploit is also patched, and you can update the plugin to get the fix. WebARX Security has a detailed article explaining the vulnerability ->