Patch up WordPress ( please )

Get Automated Upgrades Available Notifications

Waking up today and we’re hearing about more issues with certain plugins so once again here’s the type of blog post you see quite a bit on here. It’s namely the keep your website up to date post. You generally keep the software on your computer up to date don’t you?

There are new features, bug fixes and security patches being released all the time. WordPress is no exception. So the message here is patch up plain and simple. If you don’t log into your CMS (Content Management System) that often you can forget these things and you may feel it’s a hassle to sort out.

If you plan on doing the updates yourself then there’s a handy plugin to keep you notified it’s called WP Updates Notifier. You can see from the screen shot below it’s pretty easy to configure.

WP Updates Notifier

Just enter in your email address ( and send a test email and make sure the updates aren’t sent to your spam folder just in case ).

The next time there are updates for your WordPress install you’ll hopefully get a mail.

We’ve tested the plugin and it’s working fine on the latest version of WordPress 3.5.1 and hopefully the developers will be maintaining this one as it’s incredibly useful.

Not using certain plugins why not deactivate them and fully remove them from your install?

As with everything we highly recommend you backup before you do anything.

(Original Image: Robot from BigStockPhoto)

, , , , , , , ,

61 Responses to Patch up WordPress ( please )

  1. Mr Carpet Cleaning May 1, 2013 at 15:29 #

    Naming and shaming these plugins should patch up any problems or maybe go as far as blocking them from been used.

    Would really love to know which ones are causing the issues tho!

  2. James Larkin May 1, 2013 at 15:41 #

    Mr Carpet Cleaning … it was related to two of the most popular plugins WP SuperCache and W3 Total Cache … using your logic it’d be good to ban WordPress as well as security issues pop up in it all the time 😀

    Both plugins were patched pretty quickly and the issue wasn’t generally mentioned heavily until one of the security blogs picked up on it a month or so later. Exploits tend to be constantly found in software whether it’s your operating system or an application you use. The message here is to keep up to date and the notify plugin should give you a heads up that you need to upgrade things.

  3. Niall Flynn May 2, 2013 at 15:34 #

    If you guys had a proper cPanel setup you would be able to trigger this automatically via onclick install.

    The issues here are around the security settings and proactive attempts to stop DDoS rather than security exceptions in plugins.

    I love this attitude that web security is not something the host should resolve, don’t get me wrong ancient plugins old WP versions, admin password, yeah that’s your problem as a client.

    This botnet attack is separating the men from the boys when it comes to crummy web hosts.

    • Michele Neylon May 2, 2013 at 18:07 #

      Niall

      I’m sorry, but I don’t think you actually appreciate what a DDOS actually is or how it impacts large hosting networks.

      You also work on the assumption that all WordPress installs are automated and that all automated upgrades would work without causing issues with plugins, templates etc.,

      You have no knowledge of what measures we have taken and continue to take to protect our clients and our network and I personally find your categorisation of us to be both offensive and misinformed.

      We are the largest hosting provider in Ireland and the only one who actively engages in DNS abuse and internet security. None of the other providers come near us when it comes to infosec related activities.

      Thanks for your comment

      Michele

      • Niall Flynn May 2, 2013 at 18:16 #

        My terminology might not be correct but what I am trying to get across is that if the host is proactive they can stop a lot of this.

        Security issues in plugins are one thing, but it is the default answer from hosts, that plugins are causing these issues. One click install keeps all my sites up to date, cpanel emails me to say hey update WP, which will in turn get me to do the same for plugins.

        My point was that using cPanel this WP update can at least be automated or the the prompt can be.

        My point here is athat some hosts are helping people and making core security updates, putting proactive steps in place, rather than telling people to keep WP plugins updated and pushing it back to them.

        Fair play if you looking after DNS abuse and internet security.
        My only gripe with WP on Blacknight is the lack of a standard plesk or cPanel, no offense intended, just my opinion.

        • James Larkin May 2, 2013 at 19:51 #

          Hi Niall, I think you’re getting two issues confused here. One issue is that there have been a number of large scale DDOS attacks against web hosting systems recently the other is that we’re actively trying to help our customers keep their software up to date and provide useful tips and tricks for them to get the most out of their website. We use WordPress ourselves, we have in house designers and developers and as such we’re talking from experience here. This blog post was in no way related to the DDOS attack that occurred recently

          I’m actually someone who templates and develops WordPress sites I also write a number of our blog posts, develop and do a fair amount of graphic work for the company. Hence I thought it would be nice to pass on some knowledge and experience to our clients. I think it’s fair to assume the majority of people forget to update plugins. A lot of people would also I assume not log into their websites constantly it may be a few days, weeks or in some cases even months between logins. The notification plugin I mentioned in the post is something that can help with that.

          Unfortunately given the huge number of plugins and templates that are available for WordPress unless we take full control and start to limit what our customers do it’s simply not an option for us to go installing updates and plugins on thousands of our customers WordPress sites.

          I’m going to close this blog post to comment now unfortunately we’ve seen threads like this spiral out of control in the past so I’m going to close this to comment now. Feel free to address any concerns to customercare@blacknight.com

          Regards,
          James