Is your website at risk from this SEO plugin?
If your website is currently running the popular ‘All in One SEO’ pack plug-in, you could be at risk of a pretty serious security flaw.
Given that the plug-in is reported to be the most downloaded WordPress plug-in (with over 1 million installs), the flaw has no doubt caused a lot of anxiety for website owners. Identified by security researcher David Vaartjes (the co-owner of ‘Securify’), the risk is said to result from a flaw in the plug-in’s ‘Bot Blocker’ functionality – which could potentially allow attackers to hijack a site’s admin account. From there, an attacker could force the administrator’s browser to perform actions not authorised by the administrator, by inserting malicious JavaScript code into the request headers, which then ends up as part of the HTML page. A very scary situation indeed!
Here’s the good news:
YES, the flaw CAN BE FIXED.
However, you’ll need to install the latest version of the plug-in (2.3.8 – released July 12th).
Unfortunately, this isn’t the first time the SEO plug-in has encountered this kind of flaw. In June of 2014, Web security firm Sucuri found two flaws in the plug-in, which, again, allowed attackers to potentially hijack accounts and inject malicious code into the administration panel.
The benefits of the ‘All in One SEO’ pack make it hard to avoid using the plug-in. However, here’s hoping that its developer (Semper Fi Web Design) can avoid such flaws in the future.
Make sure you’re protected – download the latest plug-in (version 2.3.8) today!
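To check whether a site is still on a release older than 2.3.8, the sketch below reads the plug-in's header and compares the version. It is an added example, not code from the plug-in or from Securify; the install path, the function names and the sample sites it builds are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 3, 8)  # first fixed release, per the article
# Assumption: the plug-in's usual location under the WordPress document root.
PLUGIN_FILE = Path("wp-content/plugins/all-in-one-seo-pack/all_in_one_seo_pack.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

def parse_version(header_text):
    """Return the 'Version:' header as a tuple of ints, or None if missing."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def status(version):
    """Classify a parsed version against the fixed release."""
    if version is None:
        return "unknown"
    # Pad with zeros so 2.3.8 and 2.3.8.0 compare equal and 2.10 > 2.3.8.
    width = max(len(version), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(version) >= pad(FIXED) else "vulnerable"

def audit(site_root):
    """Check one document root; 'absent' means the plug-in is not installed."""
    path = Path(site_root) / PLUGIN_FILE
    if not path.is_file():
        return "absent"
    # WordPress itself only reads the first 8 KiB of a file for header data.
    return status(parse_version(path.read_text(errors="replace")[:8192]))

def make_site(root, version):
    """Build a constructed sample install carrying the given header version."""
    target = Path(root) / PLUGIN_FILE
    target.parent.mkdir(parents=True)
    target.write_text(
        f"<?php\n/*\nPlugin Name: All In One SEO Pack\nVersion: {version}\n*/\n"
    )

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in [("old-site", "2.3.7"), ("new-site", "2.3.8")]:
            make_site(Path(tmp) / name, ver)
            print(name, audit(Path(tmp) / name))
```

Point `audit()` at each real document root you manage; any result other than `patched` or `absent` means the plug-in needs updating or a manual look.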