Website critical vulnerability

WooCommerce (which is used on many WordPress shopping carts) has announced a critical vulnerability in their plugin.  We updated all client sites within hours of the notification.

Even though we have updated client sites with WooCommerce, this is a timely reminder:

  1. Even if your site doesn’t use WooCommerce – if you have a shopping cart, online bookings, vital information and/or contact forms which collect client information, then multiple offsite backups and monthly maintenance are vital.  Regular website maintenance is still one of the best ways to ensure that plugins, WordPress, PHP and themes reduce your exposure.  Learn more about regular maintenance.
  2. WooCommerce haven’t yet revealed the extent of the exploit or whether data has been compromised.  The potential exposed data could include order and customer information which is stored on your site (if you have a WooCommerce shopping cart).  We will let you know as soon as we learn more.
  3. Out of caution it is a good idea to update your WordPress passwords now (as we have now installed the pached version of WooCommerce).  This potential exploit has been around since 30/1/2018… which demonstrates that regular password changes are beneficial anyway.

WordPress maintenance doesn’t guarantee that your site won’t have problems… but it does reduce the chance of problems and improve recovery speed.  Please contact us or call 3366 8166 to discuss your needs.

WooCommerce critical vulnerability detected