Security Vulnerability in WordPress: Update Now!
In the last few weeks, it has been revealed that a huge security flaw exists in WordPress l content management systems that could easily take down an entire site. Goldstein Group recommends that all clients and anyone using WordPress update to the latest version now.
This is a serious issue as WordPress is used by millions of websites. As the most popular content management system on the planet, anyone using it without regular updates and security features are very much at risk. Bots that use malicious software often target WordPress sites because it’s used so widely, so it makes sense to be vigilant in keeping your software up to date.
How the XML Quadratic Blowup Attack Works
The attack manipulates the XML file, typically located in the same place on a WordPress site for all different types of installations. By installing a few simple modifications to the code, the file can be told to replicate itself millions of times over through the parsing process, causing a huge overflow of data and transforming a 1-2 kilobyte data transfer to a 2.5 gigabyte monster just to retrieve a site’s layout.
This is typically more than enough to cause a site to crash. The parsing process for an XML file usually only takes a fraction of a second. Having it take several minutes to an hour would result in a timeout error on the majority of web browsers.
The Fix for This Attack
WordPress has already patched this fix in their latest update. No extra software or security features are needed in order to defend your site.
To get protected against this and any other attacks, simply update to the latest version to make sure you don’t get a denial of service attack from this particular glitch.
Some other steps to take include setting up automatic updates for WordPress and turning off or deleting any unnecessary plugins, as these can often times provide a back door for hackers to gain access to your site while slowing the site itself down.