Website Security Checkup – January 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

January 2017

WordPress

There were 2 security releases in January. By default, a security release will be applied automatically if you are on WordPress 3.7 or higher.

Current release: 4.7.2 NEW SECURITY RELEASE – Release date: January 26, 2017

More WordPress info

Quick overview of v4.7.2:

  • Fixes 3 security issues
  • The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

More Details on v4.7.2

Previous release: 4.7.1 SECURITY RELEASE – Release date: January 11, 2017

Next scheduled release: 4.7.3, in 2017

Joomla

There were no Joomla releases in January.

Current release: 3.6.5 SECURITY RELEASE – Release date: December 13, 2016

More Joomla info

Quick overview of security release 3.6.5:

  • 1 high priority and 2 low priority security issues fixed
  • 4 bugs fixed

More Details on v3.6.5

Next scheduled release: 3.7, March, 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – December 2016

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

December 2016

WordPress

Current release: 4.7 NEW – Release date: December 6, 2016

More WordPress info

Quick overview of new features in v4.7:

  • New theme: Twenty Seventeen
  • Theme starter content
  • Video headers
  • Add custom css from customizer
  • Edit shortcuts from customizer preview
  • Post type templates
  • Editor improvements
  • Dashboard in your language
  • PDF Thumbnail Previews

More Details on v4.7

Next scheduled release: 4.7.1, in January, 2017

Joomla

Current release: 3.6.5 NEW SECURITY RELEASE – Release date: December 13, 2016

More Joomla info

Quick overview of security release 3.6.5:

  • 1 high priority and 2 low priority security issues fixed
  • 4 bugs fixed

More Details on v3.6.5

Next scheduled release: 3.7, in March, 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Password Managers – Why You Should Have One

Strong passwords are key to keeping our online personal information and all types of sensitive data secure. A strong password is also important for keeping your own website, be it WordPress or Joomla, secure and safe from hacker intrusions.

We are required to have an ever-growing number of passwords for an ever-growing number of websites, apps, services, etc. One option is to use one easy-to-remember password for everything. The problem with that approach is that hackers are on to that one. They will automatically try the same login information on multiple sites to see if it works. They will also try every common password known to man. I’m sure you’ve seen the multiple lists of terrible passwords to avoid at all costs.

The best passwords are the ones you cannot possibly guess… or even remember.

  • They should be long, the longer the better. If a site has a maximum password length, use it.
  • They should be complex, containing a mixture of upper and lower case letters, symbols and numbers.
  • They should be different for every site you access.

So how can we possibly manage all these secure, unmemorizable passwords?

WordPress & Joomla – Release Summary

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

Release Summary – November, 2016

WordPress.org

  • There were no new releases this month
  • Current release: 4.6.1 SECURITY RELEASE – Release date: September 7, 2016
  • Next scheduled release: 4.7, on December 6, 2016

Joomla.org

  • There were no new releases this month
  • Current release: 3.6.4 SECURITY RELEASE – Release date: October 25, 2016
  • Next scheduled release: 3.7, in March, 2017

WordPress & Joomla – Release Summary – September 2016

WordPress.org

  • Current release: 4.6.1 NEW SECURITY RELEASE – released September 7, 2016
  • Next scheduled release: 4.7, December 6, 2016

Joomla.org

  • No new releases this month
  • Current release: 3.6.2 – released August 4, 2016
  • Previous release: 3.6.1 SECURITY RELEASE – released August 3, 2016
    Note: there is a special procedure to update to 3.6.1.
  • Next scheduled release: 3.7, 3rd quarter, 2016

Don’t Update Your Website Software


Key Points

  • If you see a software update prompt on your website, notify the website administrator.
  • It’s dangerous to have a higher level of authority than you need. If you only need to post articles, you should not have authority to update software.
  • Updating website software involves some degree of risk. Buggy or incompatible software can cause undesired results (e.g. a website crash).
  • A website admin will take a website backup before updating software to ensure a path to recover from any problems during the update process.
  • A website admin will test new software in a test environment first to ensure the update on the live website goes smoothly.
  • For best results, have a website administrator update all software. He/she will take all necessary precautions.

What??! But I thought you always said I should update my website software to avoid problems with hackers and malware. What gives?

Well, that’s correct, you should update your website software… figuratively speaking, of course. When I say “You should update your software”, well, I don’t necessarily mean YOU, yourself, should do it. I mean you should ensure that it gets done… that someone does it.

Software Update Prompts

So why do I bring this up? Well, when you log in to your site’s admin screen or dashboard, you may have seen messages telling you that updates are available and asking you to proceed to update your site. And technically, if you can see the prompts, you can perform the updates with just a few clicks. However, those messages are really meant for website administrators. And often, these messages are seen by other users, not just administrators. So if you aren’t the website administrator, it’s best to notify him/her about these messages.

Are You A Website Administrator?

Many website owners are set up with a login username on their site by someone else, maybe a web designer or an administrator did it for them. Many times, the owner is set up with a role that has more authority than he/she really needs… including the highest level, a super admin. This can be a very dangerous thing!

Do you know what your role is on the website? Do you just need to add new articles or posts once in a while? Or maybe you need to approve other users’ articles before publishing? Are you the website administrator who takes care of all the technical stuff? Do you really need to log in to the admin area / dashboard at all?

The point is, it’s important to know your role on your website, and your authority / access should reflect that role. For example, if you only need to post articles, you should not have authority to update software. The website administrator’s role is typically to install, update, remove and test software. They also will create website backups to ensure a way to recover from problems. If this doesn’t sound like what you normally do, then you probably shouldn’t be updating website software.
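One way to check that each account's role matches what the person actually does, shown here as an added example for WordPress (not code from this site or from WordPress itself). The user list is a constructed sample shaped like the JSON output of WP-CLI's `wp user list`, and the task labels and account names are hypothetical.

```python
import json

# Default WordPress roles, lowest to highest authority. Of these, only
# "administrator" can update core, plugins and themes on a single-site install.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

# Hypothetical task labels mapped to the lowest default role that covers them.
NEED_TO_ROLE = {
    "post_articles": "author",             # publish your own posts
    "approve_articles": "editor",          # publish other users' posts
    "maintain_software": "administrator",  # install, update, remove software
}

# Constructed sample, shaped like the output of:
#   wp user list --fields=user_login,roles --format=json
SAMPLE_USERS = json.dumps([
    {"user_login": "owner", "roles": "administrator"},
    {"user_login": "editor_sue", "roles": "editor"},
    {"user_login": "webadmin", "roles": "administrator"},
    {"user_login": "guest", "roles": "author,editor"},
])

# Constructed sample: what each person says they need to do on the site.
SAMPLE_NEEDS = {"owner": "post_articles", "editor_sue": "approve_articles",
                "webadmin": "maintain_software"}

def rank(role):
    # Unknown (custom) roles are treated as administrator-level until reviewed.
    return ROLE_RANK.get(role, ROLE_RANK["administrator"])

def over_privileged(users_json, needs):
    """Return (login, current_role, sufficient_role) for accounts with more authority than needed."""
    findings = []
    for user in json.loads(users_json):
        roles = [r.strip() for r in user["roles"].split(",") if r.strip()]
        if not roles:
            continue  # account has no role on this site
        current = max(roles, key=rank)
        # An account with no stated need only warrants the lowest role.
        wanted = NEED_TO_ROLE.get(needs.get(user["user_login"]), "subscriber")
        if rank(current) > ROLE_RANK[wanted]:
            findings.append((user["user_login"], current, wanted))
    return findings

if __name__ == "__main__":
    for login, current, wanted in over_privileged(SAMPLE_USERS, SAMPLE_NEEDS):
        print(f"{login}: has '{current}', '{wanted}' would be enough")
```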

About Those Software Update Prompts…

Some examples: