One Million Websites Affected by WordPress Vulnerability
Last week, cybersecurity experts identified a critical vulnerability affecting 1 million websites hosted on WordPress, one of the world’s most widely used open-source content management systems. The lapse in protection was reported within the Elementor Addons plugin, a popular extension that adds creative capabilities to the WordPress platform.
The vulnerability was tied to a password reset function that could be used by hackers to change the login credential of any user account, including an administrator, without validating a password reset key first.
Developers scrambled to fix the vulnerability by issuing a security patch for Elementor Addons. However, given the global reach of WordPress—the platform hosts an estimated 500-800 million worldwide—there was growing concern that the problem could spread. Hackers often flood known vulnerabilities with brute-force attacks to exploit as many accounts as possible before the problem gets fixed.
How Are Problems Like These Fixed, Anyway?
Software updates can be frustratingly inconvenient—and downright disruptive. That’s why automated patch delivery is so important. Many business-critical applications like Microsoft Office, Adobe Creative Cloud, and Intuit QuickBooks are updated monthly or even weekly. Without installing these updates, business information and individual users are at risk.
IT experts like CMIT Solutions specialize in the behind-the-scenes delivery and installation of updates and patches so that all systems are current. This prevents software and hardware vulnerabilities but also protects against identity theft and privacy breaches.
Take this scenario as an example: an accounting firm uses QuickBooks for account management, financial planning, and employee payroll. Now that tax season is over, however, the company declined to upgrade its QuickBooks license, figuring it’s an easy short-term cost-saving measure.
Then, one day, QuickBooks crashes, the business is temporarily unable to run any reports, and employees are left frustrated by their inability to do their jobs. After just one day of downtime, the combined costs of decreased staff productivity and increased IT service fees far outweigh the recurring cost of the QuickBooks subscription that could have prevented all these problems in the first place.
What’s the Best Way to Protect Your Business?
Contrary to popular belief, it is possible to keep apps up to date without breaking the bank or disrupting regular operations. Here’s how a trusted IT partner can help:
• Enable automatic updates. Many people are hesitant to turn on automated updates, worried that they’ll install at an inopportune time or drastically change the way that familiar software works. But a managed services provider can manage automatic updates for critical software (like operating systems or antivirus protection) and review any patches that require extra attention. And an IT expert will make sure that updates roll out during off-hours when employees won’t be interrupted.
• Leverage subscription-based Software-as-a-Service (SaaS) solutions. This format is most commonly used with popular software suites like Microsoft Office 365 or Adobe Creative Cloud. Important applications like Excel, PowerPoint, or Photoshop are installed on your computer but receive behind-the-scenes maintenance, trusted support, and frequent version control from cloud-based connections that are always running in the background. Many businesses download their apps this way but then fall behind on subscription fees or fail to turn on maintenance plans, leading to the potential of lost functionality or steep repair costs to restore access.
• Update smartphones, Wi-Fi routers, and other hardware, too. With so many apps on our smartphones, it’s easy to forget about mobile software updates or security patches. But hackers are increasingly targeting poorly protected devices that often have unsupported apps or out-of-date systems. Wi-Fi routers are also vulnerable since most of us set it up once and never think of it again (unless, of course, we forget the password). But since routers serve as the front door to all Internet traffic flowing to and from your business, it’s especially important to keep them up to date. Everything else runs on some kind of firmware or software these days: TVs, speakers, cameras, printers, dishwashers, and even new cars. It isn’t easy to keep all of them safely and regularly updated.
• That’s where a trusted partner comes in. Taking a proactive approach to software maintenance and security updates ensures uninterrupted use and smooth performance, no matter when, where, or how an IT system is being used. At CMIT Solutions, we work with every client to highlight the importance of software updates—and then install them at the right time and on the right device. Many applications can be set up to deliver behind-the-scenes automated alerts to IT technicians so we can quickly address issues and identify software vulnerabilities, like the WordPress one described above, which may leave your systems exposed.
With 25 years of experience working with every type of operating system, industry software, and hardware vendor under the sun, CMIT Solutions knows how important patches and updates are. But we also acknowledge that they make up only one layer of a comprehensive cybersecurity strategy and won’t prevent every malicious attack.
However, ongoing support and regular system maintenance will provide your business with a strong first layer of defense thanks to around-the-clock system scans, vulnerability identification, application updates, and data resiliency. If you want that kind of peace of mind and advance preparation, contact CMIT Solutions today. When you’re prepared in advance for every possible problem, your business can thrive.