Wordpress 3.1.4 Addresses Security Flaws

By Author: eccuni
Total Articles: 211
Comment this article

Recently, WordPress Development team released WordPress 3.1.4 and the release candidate 3 for WordPress 3.2. The company had earlier planned to release WordPress 3.2 by the end of June. WordPress 3.1.4 addresses an issue, which could allow users at editor-level to gain additional access to the site. Developers have also resolved several other security issues and integrated several hardening measures to strengthen the platform. Millions of websites worldwide including major media sites use the online blogging and publishing platform. WordPress, which started as a blogging tool has steadily evolved as a content management system. The WordPress.org and WordPress.com have also faced several security issues in the recent times. Recently, WordPress alerted users that attackers had modified plugins such as AddThis, WPtouch, and W3 Total Cache to include backdoors in them. Security professionals were successful in updating the affected plugins. WordPress.com, which remains unaffected with plugin incident, suffered distributed denial-of-service attack earlier in the year.

The release candidate 3 for WordPress 3.2 incorporates ...
... fixes for all vulnerabilities addressed in 3.1.4, mitigates minor RTL JavaScript issues, and includes fixes for user interface. Developers have urged users to test the release candidate on a non-live test site, and communicate issues and bugs to the WordPress development team. The minimum requirements for version 3.2 now stand at PHP 5.2.4 and MySQL 5.0.

Millions of users use various WordPress based platforms. As such, there always remains threat of compromise of user accounts. Organizations using WordPress platform must immediately to the latest version to avoid exploitation of security flaws. Operational issues and lack of prioritization often result in delays in implementing security updates. Cybercriminals take advantage of the time lag in issue of an update and implementation by end-users to exploit security flaws. Professionals qualified in masters of security science and computer science degree may enable organizations to identify and prioritize security updates and patches.

The vibrant and ever-evolving security threats pose challenge for both developers and end-users. While developers must constantly strive to detect and resolve security issues, end-users must have appropriate policies and procedures in place to deal with security challenges. Organizations must train employees on cyber security practices and incident management. Employees may take advantage of online degree and e-learning programs to enhance their security awareness.

Participation in security conferences, and undertaking online university degree programs and security certifications may help security professionals in staying abreast of latest happenings in security industry and enhancing their technical expertise.