Introducing Our Monthly WordPress Vulnerability Report


27th September 2018

Delivering your website isn’t the end of the road for us. Today, as a part of this strategy, we’re pleased to introduce a monthly WordPress vulnerability report. At the start of each month, we’ll cover plugin updates essential for our clients.

Before we dive in, I invite you to watch the video made by our technical director to explain WordPress security in more detail.

The idea behind our report

We want to make you aware of the number of risks facing websites whose maintenance is neglected. Along the way, you will get to know an important part of our maintenance routine. Our report will let you know about the crucial security updates to WordPress and the plugins we use on our clients’ sites.

Keeping track of the security vulnerabilities is a gruelling task. Even if you know where to look for the release notes, reading them often isn’t a walk in the park. Let’s change that! We want to offer a comprehensive, easy-to-understand report. No redundant information, no confusing vocabulary. Each month you’ll learn what, when and why we have updated.

Closing words

The real responsibility starts the moment you make your website publicly available, so our service goes beyond its launch. We come across business owners who had their website built by an unprofessional agency or a freelancer who disappeared from the face of the earth the minute after receiving the final payment.

Raising awareness about the security risks of neglected websites is an important mission for us. We’re monitoring the vulnerabilities of WordPress plugins for our clients on a daily basis. Now we’ve decided to share our results with you.

Improving the security of individual websites will improve the security of the WordPress platform, so we hope you’ll find this series useful and learn from it how to keep your website safe and sound.

A preview from the first issue

Just as promised, you can find a preview from our inaugural WordPress Vulnerability Report below.

Contact Form 7

A bug in the plugin’s code escalated the permissions of the Contributor role: a logged-in user in the Contributor role could edit the contact forms. By default, the plugin reserves the edit permission for users with the Administrator and Editor roles.

Is it safe?
Fixed in version 5.0.4, released 04.08.2018.

Our recommendation
The plugin now reads the permissions for the Contributor role correctly. The functionality that lets you send file attachments in replies to your visitors has also been made more secure: you can only specify file paths from within the secure wp-content directory of your website. As a result, a potential attacker is less likely to attach malicious files to the e-mails you send to your visitors.
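
One way to enforce the "only paths inside wp-content" rule described above, shown as an added example that is not Contact Form 7's own code. The function name `example_is_path_inside` and the temporary directory tree are assumptions constructed for the demonstration.

```php
<?php
// Added example: containment check for attachment paths (hypothetical helper,
// not the plugin's implementation). $content_dir stands in for wp-content.

function example_is_path_inside(string $path, string $content_dir): bool
{
    // realpath() resolves "..", "." and symlinks; it returns false when the
    // target does not exist, which is treated here as "not allowed".
    $real_base = realpath($content_dir);
    $real_path = realpath($path);
    if ($real_base === false || $real_path === false || !is_file($real_path)) {
        return false;
    }
    // Compare against the base WITH a trailing separator, so a sibling such
    // as "wp-content-old" cannot pass as a prefix match of "wp-content".
    $base = rtrim($real_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real_path, $base, strlen($base)) === 0;
}

// Constructed sample tree in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/cf7-demo-' . bin2hex(random_bytes(4));
mkdir("$root/wp-content/uploads", 0700, true);
mkdir("$root/wp-content-old", 0700, true);
$files = [
    "$root/wp-content/uploads/brochure.pdf",
    "$root/wp-content-old/notes.txt",
    "$root/wp-config.php",
];
foreach ($files as $file) {
    file_put_contents($file, 'constructed placeholder');
}

// Constructed attachment settings, relative to the demo wp-content directory.
$cases = [
    'uploads/brochure.pdf',         // file inside wp-content
    '../wp-config.php',             // traversal out of wp-content
    '../wp-content-old/notes.txt',  // sibling directory sharing the prefix
    'uploads/missing.pdf',          // file that does not exist
];
foreach ($cases as $relative) {
    $allowed = example_is_path_inside("$root/wp-content/$relative", "$root/wp-content");
    printf("%-30s %s\n", $relative, $allowed ? 'attach' : 'reject');
}

// Remove the constructed tree again.
array_map('unlink', $files);
array_map('rmdir', ["$root/wp-content/uploads", "$root/wp-content", "$root/wp-content-old", $root]);
```

Resolving the path before comparing it is what makes the check hold up against `..` segments and symlinks; a plain string comparison on the configured value would not.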

Level of warning
