4 Year Old WordPress Comment Security Bug

This post contains affiliate links.

A recent article on Ars Technica disclosed a four-year-old security bug in the WordPress commenting system. The flaw lets an attacker plant a cross-site scripting (XSS) payload in a comment; when an administrator views that comment, the script runs with the administrator's privileges and could potentially be used to gain operating-system-level access on the server. The lesson here is that the bug affects WordPress 3.x and earlier; WordPress 4.0.1, the current release, is not affected by this vulnerability. That is one more good reason to update to the latest major versions and hotfixes of WordPress as soon as they are released, so your site is not left exposed to known vulnerabilities.
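The first thing to do after a disclosure like this is to confirm which version you are actually running. As an added example (not code from the original post or from WordPress), the Python snippet below reads the version from either the `<meta name="generator">` tag WordPress emits in page HTML or the `$wp_version` line in `wp-includes/version.php`, and classifies it against the versions the article names: 3.x and earlier as affected, 4.0.1 as current. The sample inputs are constructed for the example; the "outdated" bucket for 4.0.x below 4.0.1 is an assumption of the example, since the article only states that 4.0.1 is unaffected.

```python
import re

# Version the article names as current and unaffected (November 2014).
FIXED_VERSION = (4, 0, 1)

# WordPress advertises its version in the page head unless a plugin hides it.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I
)
# wp-includes/version.php carries the same value as a PHP assignment.
VERSION_PHP_RE = re.compile(r"\$wp_version\s*=\s*'([\d.]+)'")


def parse_version(text):
    """Return the WordPress version as a tuple of ints, or None if not found.

    Accepts either rendered page HTML (generator meta tag) or the raw text
    of wp-includes/version.php.
    """
    match = GENERATOR_RE.search(text) or VERSION_PHP_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(version):
    """Classify a version tuple against the versions the article names.

    'affected'  - 3.x and earlier (the range the article says is vulnerable)
    'outdated'  - 4.0.x below 4.0.1 (assumption: not the fixed release)
    'current'   - 4.0.1 or newer
    'unknown'   - no version could be parsed
    """
    if version is None:
        return "unknown"
    # Pad short versions such as (4, 0) so tuple comparison is well defined.
    padded = version + (0,) * (3 - len(version))
    if padded[0] < 4:
        return "affected"
    if padded < FIXED_VERSION:
        return "outdated"
    return "current"


def check(text):
    """Convenience wrapper: parse and classify in one call."""
    return classify(parse_version(text))


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real site.
    samples = {
        "old site html": '<head><meta name="generator" content="WordPress 3.9.2" /></head>',
        "version.php": "<?php\n$wp_version = '4.0.1';\n",
        "hidden tag": "<head><title>no generator tag here</title></head>",
    }
    for label, text in samples.items():
        print(f"{label}: {parse_version(text)} -> {check(text)}")
```

If the generator tag is hidden by a plugin, fall back to reading `wp-includes/version.php` from the server itself; the two sources are parsed by the same function.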

The other thing to note is that the Incapsula cloud security service, which is free for small sites, can also provide protection against this vulnerability: it filters requests before they reach your site, so attempted script injections in comments are blocked rather than stored by WordPress. Treat that as a second layer, not a replacement for patching; the fix in WordPress itself is what removes the bug.

I have used Incapsula to protect my blogs for a while, and while I am running the latest WordPress, it adds that extra peace of mind and security should a new vulnerability be discovered in WordPress; as long as it is XSS related, Incapsula would likely take care of it and help insulate my site. Heck, you can see that in just the past 7 days for my site, 262 bad bots were blocked, along with 89 illegal access attempts, 24 remote file inclusions, 3 SQL injection attempts and 9 cross-site scripting attempts made against DragonBlogger.com. This is a site that gets about 30,000 visits per month and it gets this many attacks per week; just imagine how many attacks your site is getting. Any site, even a small one, is compromised all the time.

You need to secure your site, and honestly Incapsula is free and wraps around your site, protecting it from the cloud so that attacks and attempts never even reach your web server. This is the advantage of using a cloud security service rather than only a WordPress plugin: a plugin consumes system resources on your web hosting account, and the plugin itself may have a vulnerability or other risk. Keep the security work off the site itself so that attempts never make it to the server in the first place.

Source article that inspired this post: http://arstechnica.com/security/2014/11/four-year-old-comment-security-bug-affects-86-percent-of-wordpress-sites/

Updated: November 25, 2014 — 9:44 am