Website Security Checkup – July 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

July 2017

WordPress

There were no WordPress releases in July.

Current release: 4.8 – Release date: June 8, 2017

More WordPress info

Quick overview of v4.8:

This release contains several feature updates including:

  • Updated/new widgets for: Image, Video, Audio, Rich Text which simplify the process of adding and maintaining.
  • Link Boundries – improved creation and handling of links in posts and pages.
  • Nearby WordPress Events – is a new item added to the Dashboard to inform WordPress admins of WordPress events around their area.
  • Misc. updates – More Accessible Admin Panel Headings, Removal of Core Support for WMV and WMA Files, Multisite Updates, Text-Editor JavaScript API, Media Widgets API, Customizer Width Variable

More Details on v4.8

Next scheduled release: 4.8.1, 2017

Joomla

There were 2 Joomla releases in July:

Current release: 3.7.4NEW SECURITY RELEASE – Release date: July 25, 2017

Previous release: 3.7.3SECURITY RELEASE – Release date: July 4, 2017

More Joomla info

Quick overview of release 3.7.4:

  • Security fix – Core – Installer: Lack of Ownership Verification (affecting Joomla! 1.0.0 through Joomla! 3.7.3)
  • Security fix – Core – XSS Vulnerability (affecting Joomla! 1.5.0 through Joomla! 3.7.3)
  • and over 50 bug fixes and improvements

More Details on v3.7.4

Quick overview of release 3.7.3:

  • Security fix – Core – Information Disclosure (affecting Joomla 1.7.3-3.7.2)
  • Security fix – Core – XSS Vulnerability (affecting Joomla 1.7.3-3.7.2)
  • Security fix – Core – XSS Vulnerability (affecting Joomla 1.5.0-3.6.5)
  • and over 230 bug fixes and improvements

More Details on v3.7.3

Next scheduled release: 3.8.0, 3rd Quarter 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – June 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

June 2017

WordPress

Current release: 4.8NEW – Release date: June 8, 2017

More WordPress info

Quick overview of v4.8:

This release contains several feature updates including:

  • Updated/new widgets for: Image, Video, Audio, Rich Text which simplify the process of adding and maintaining.
  • Link Boundries – improved creation and handling of links in posts and pages.
  • Nearby WordPress Events – is a new item added to the Dashboard to inform WordPress admins of WordPress events around their area.
  • Misc. updates – More Accessible Admin Panel Headings, Removal of Core Support for WMV and WMA Files, Multisite Updates, Text-Editor JavaScript API, Media Widgets API, Customizer Width Variable

More Details on v4.8

Next scheduled release: 4.8.1, 2017

Joomla

Current release: 3.7.2 – Release date: May 23, 2017

There were no Joomla releases in June.

More Joomla info

Quick overview of release 3.7.2:

  • This release fixes some bugs in file mime checks, module page filtering as well as some other bugs and several other minor improvements.

More Details on v3.7.2

Next scheduled release: 3.8.0, 3rd Quarter 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – May 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

May 2017

WordPress

Current release: 4.7.5NEW SECURITY RELEASE – Release date: May 16, 2017

More WordPress info

Quick overview of v4.7.5:

This release contains 6 security fixes and 3 maintenance fixes. The security issues are:

  • Insufficient redirect validation in the HTTP class.
  • Improper handling of post meta data values in the XML-RPC API.
  • Lack of capability checks for post meta data in the XML-RPC API.
  • A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

More Details on v4.7.5

Next scheduled release: 4.8, June 8, 2017

Joomla

Current release: 3.7.2NEW – Release date: May 23, 2017

Previous release: 3.7.1SECURITY RELEASE – Release date: May 17, 2017

More Joomla info

Quick overview of release 3.7.2:

  • This release fixes some bugs in file mime checks, module page filtering as well as some other bugs and several other minor improvements.

More Details on v3.7.2

Quick overview of release 3.7.1:

  • This release address a critical security issue as well as several bugs.
  • Security issue fixed is: High Priority – Core – SQL Injection (affecting Joomla! 3.7.0)

More Details on v3.7.1

Next scheduled release: 3.8.0, 3rd Quarter 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – April 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

April 2017

WordPress

Current release: 4.7.4NEW – Release date: April 20, 2017

More WordPress info

Quick overview of v4.7.4:

This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API.

More Details on v4.7.4

Next scheduled release: 4.8, May-June, 2017

Joomla

Current release: 3.7.0NEW SECURITY RELEASE – Release date: April 25, 2017

More Joomla info

Quick overview of security release 3.7.0:

  • Over 700 improvements, including many features which make administration of Joomla! Web sites easier and more feature-rich.
  • 8 low priority security updates

More Details on v3.7.0

Next scheduled release: 3.8, 3rd Quarter 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – March 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

March 2017

WordPress

Current release: 4.7.3NEW SECURITY RELEASE – Release date: March 6, 2017

More WordPress info

Quick overview of v4.7.3:

This release contains 39 maintenance fixes to the 4.7 release series.

And it fixes 6 security issues:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

More Details on v4.7.3

Next scheduled release: 4.7.4, April-May, 2017

Joomla

There were no Joomla releases in March.

Current release: 3.6.5SECURITY RELEASE – Release date: December 13, 2016

More Joomla info

Quick overview of security release 3.6.5:

  • 1 high priority and 2 low priority security issues fixed
  • 4 bugs fixed

More Details on v3.6.5

Next scheduled release: 3.7, March, 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – February 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

February 2017

WordPress

There were no WordPress releases in February.

Current release: 4.7.2SECURITY RELEASE – Release date: January 26, 2017

More WordPress info

Quick overview of v4.7.2:

  • Fixes 3 security issues
  • The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

More Details on v4.7.2

Previous release: 4.7.1 SECURITY RELEASE – Release date: January 11, 2017

Next scheduled release: 4.7.3, in 2017

Joomla

There were no Joomla releases in February.

Current release: 3.6.5SECURITY RELEASE – Release date: December 13, 2016

More Joomla info

Quick overview of security release 3.6.5:

  • 1 high priority and 2 low priority security issues fixed
  • 4 bugs fixed

More Details on v3.6.5

Next scheduled release: 3.7, March, 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – January 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

January 2017

WordPress

There were 2 security releases in January. By default, a security release will be applied automatically if you are on WordPress 3.7 or higher.

Current release: 4.7.2NEW SECURITY RELEASE – Release date: January 26, 2017

More WordPress info

Quick overview of v4.7.2:

  • Fixes 3 security issues
  • The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

More Details on v4.7.2

Previous release: 4.7.1 SECURITY RELEASE – Release date: January 11, 2017

Next scheduled release: 4.7.3, in 2017

Joomla

There were no Joomla releases in January.

Current release: 3.6.5SECURITY RELEASE – Release date: December 13, 2016

More Joomla info

Quick overview of security release 3.6.5:

  • 1 high priority and 2 low priority security issues fixed
  • 4 bugs fixed

More Details on v3.6.5

Next scheduled release: 3.7, March, 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Website Security Checkup – December 2016

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

December 2016

WordPress

Current release: 4.7NEW – Release date: December 6, 2016

More WordPress info

Quick overview of new features in v4.7:

  • New theme: Twenty Seventeen
  • Theme starter content
  • Video headers
  • Add custom css from customizer
  • Edit shortcuts from customizer preview
  • Post type templates
  • Editor improvements
  • Dashboard in your language
  • PDF Thumbnail Previews

More Details on v4.7

Next scheduled release: 4.7.1, in January, 2017

Joomla

Current release: 3.6.5NEW SECURITY RELEASE – Release date: December 13, 2016

More Joomla info

Quick overview of security release 3.6.5:

  • 1 high priority and 2 low priority security issues fixed
  • 4 bugs fixed

More Details on v3.6.5

Next scheduled release: 3.7, in March, 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Passwords Managers – Why You Should Have One

sticky noteStrong passwords are key to keeping our online personal information and all types of sensitive data secure. A strong password is also important for keeping your own website, be it WordPress or Joomla, secure and safe from hacker intrusions.

We are required to have an ever-growing number of passwords for an ever-growing number of websites, apps, services, etc. One option is to use one easy to remember password for everything. The problem with that approach is hackers are on to that one. They will automatically try the same login information on multiple sites to see if it works. They will also try every common password known to man. I’m sure you’ve seen the multiple lists of terrible passwords to avoid at all costs.

The best passwords are the ones you cannot possibly guess… or even remember.

  • They should be long, the longer the better. If a site has a maximum password length, use it.
  • They should be complex, containing a mixture of upper and lower case letters, symbols and numbers.
  • They should be different for every site you access.

So how can we possibly manage all these secure, unmemorizable passwords?

WordPress & Joomla – Release Summary

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

Release Summary – November, 2016

WordPress.org

  • There were no new releases this month
  • Current release: 4.6.1
    SECURITY RELEASE
    – Release date: September 7, 2016
  • Next scheduled release: 4.7, on December 6, 2016

Joomla.org

  • There were no new releases this month
  • Current release: 3.6.4
    SECURITY RELEASE
    – Release date: October 25, 2016
  • Next scheduled release: 3.7, in March, 2017