WordPress XSS Vulnerability

This week has seen an XSS vulnerability in standard WordPress websites come to light. We wanted to reassure all our customers that our sites were not affected by this risk.

We put a lot of time and effort into the security of your website so you don’t have to.

The WordPress core team has now patched the vulnerability, so if you’re running a WordPress site that isn’t supported by us (why not?!) then you should update immediately to mitigate the risk of your site being hacked.

Sucuri technical details.

What is an XSS attack?

Cross-Site Scripting (XSS) is a type of attack where an attacker tries to embed malicious code into a webpage and use it to exploit your site. There are various ways to achieve this goal, and in this instance attackers target the comment form to inject a script into the database. In turn, this script attempts to obtain the login credentials of anyone who visits the page.

The goal for the hackers is to get the administrator's login details, and once they have those they are free to do pretty much anything they like with the website.
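
The comment-form scenario described above, as an added example that is not part of the original post: a stored comment rendered without and with output encoding, plus a check that flags stored comments containing markup. The function names and sample comments are constructed for illustration, and the code uses plain PHP rather than WordPress's own code.

```php
<?php
// Added illustration: a minimal comment list and two ways of rendering it.
// All names and sample data are constructed for this example.

// Constructed sample comments, as they would sit in the database after
// being submitted through a comment form.
$comments = [
    ['author' => 'alice',   'body' => 'Great post, thanks!'],
    ['author' => 'mallory', 'body' => '<script>/* attacker-controlled code */</script>Nice site'],
];

// Vulnerable: the stored body is placed into the page as-is, so any markup
// in it becomes part of the HTML that every visitor's browser parses.
function render_unsafe(array $c): string
{
    return '<li><b>' . $c['author'] . '</b>: ' . $c['body'] . '</li>';
}

// Hardened: every stored value is HTML-encoded at output time, so the
// browser displays the markup as text instead of running it.
function render_safe(array $c): string
{
    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li><b>' . $enc($c['author']) . '</b>: ' . $enc($c['body']) . '</li>';
}

// Audit helper: flag stored comments whose text changes when tags are
// stripped. On a site where comments are meant to be plain text, these
// are worth reviewing (false positives are possible).
function contains_markup(string $body): bool
{
    return $body !== strip_tags($body);
}

foreach ($comments as $c) {
    echo 'unsafe: ', render_unsafe($c), PHP_EOL;
    echo 'safe:   ', render_safe($c), PHP_EOL;
    echo 'flag:   ', contains_markup($c['body']) ? 'review' : 'ok', PHP_EOL, PHP_EOL;
}
```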

Protect your website

Our hosting infrastructure is very robust and we use an independent team of third-party security experts to make sure sites are always protected from attack.

With the measures we have in place on our sites, this type of attack would have failed anyway, but in any event, our security engineers sprang into action and within 3 hours of the vulnerability becoming known they had taken specific steps to further mitigate risk.

We’re really proud of our security record with clients’ sites and will continue in our endeavours to ensure that each and every one is safe and secure.