December 2nd, 2016
WordPress Terminates the Need for Manual Updates
A WordPress flaw was one that resulted in hacking of the ISC and a lot has followed since; however, the CMS has decided to bring an end to the chaos. It now brings to the table an automatic way to secure WordPress sites in order to eliminate the risk of nonpatched systems.
Out-of-date and unpatched software often paves way for hackers to take advantage of common vulnerabilities being aware of which the WordPress has leapt forward to provide automatic updating for plug-ins as it will help mitigate such risks. To that end, the blogger and CMS has introduced the Jetpack plug-in for self-hosted WordPress users, which enables multiple services, including a new dashboard for managing multiple WordPress sites. WordPress users can install the update directly either from a WordPress site or by using the http://jetpack.me/install/ address.
The Jetpack 3.3 update is out and provides users with a major feature to help immensely minimize security risks for self-hosted WordPress sites. The new update will allow site administrators to choose in order to enable automatic updates for any plug-in that is running on a WordPress site, or a group of such sites. The inclusion of automatic plug-in updates for WordPress has come in after Automattic’s acquisition of security vendor BruteProtect that happened in August 2014.
With the new Jetpack 3.3 Update, out-of-date plug-ins could now become obsolete, significantly reducing the risk from exploitation. Automatic security and critical bug fix updates have been provided by the core open-source WordPress project since October 2013 when WordPress 3.7 was released. However, those automatic updates have simply worked for the core of the WordPress code, leaving plug-ins still exposed. Providing a solution to this problem, the Jetpack 3.3 release closes that risk exposure. Along with automatic core WordPress updates, it also provides an application platform that remains up-to-date against patched security risks.
Although WordPress now has the required technology for automatic core application and plug-in updates, some platform risks still exist. WordPress needs to be installed above an application infrastructure batch, which is usually the operating system Linux; the MySQL or MariaDB database; the Apache or Nginx Web server; and the programming language called PHP. If any of those components happen to experience a vulnerability of any sort, it could still expose WordPress sites to risk.
Having provided a solid application that can be continuously updated with security updates not requiring administrator intervention, WordPress has definitely helped reduce the challenges. While it is very unlikely that every WordPress site administrator will enable automatic site and plug-in updates, quite a few will go ahead and do that, which will help secure a broad spectrum of the Internet from the risk posed by unpatched WordPress vulnerabilities.