Yoast SEO Version Older Than 1.7.4 Should Be Updated Immediately
What is the risk to my WordPress Website?
So Who Might Be At Risk?
WordPress.org forced an automatic update for many
Because of the potential severity of the issue, the WordPress.org team put out a forced automatic update. If you did not specifically disable those:
- If you were running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
- If you were running on 1.6.*, you’ll have been updated to 1.6.4.
- If you were running on 1.5.*, you’ll have been updated to 1.5.7.
If you are on an older version, Yoast cannot auto-update you, but you should really update for tons of reasons. Of course you should really move to 1.7.4 as soon as you can anyway.
How to get my WordPress plugins to update automatically?
In the future, you can have your WordPress plugin updates taken care of automatically by simply visiting the “Dashboard” section of your dashboard and going to the Updates tab. If you don’t have the auto-update feature turned on, it’s strongly recommended that you update the SEO by Yoast plugin on all sites where you have it installed.
Why would someone hack a plugin?
According to Wikipedia, WordPress is used by more than 18.9% of the top 10 million websites as of August 2013, with more than 60 million websites using WordPress and over one million websites using Drupal.
WordPress SEO by Yoast is by far the most popular SEO plugin within the WordPress directory, with over 16 million downloads. In August of 2014, Brian Rideout of Bang Website Design wrote “Hackers,… tend to target opportunities where an exploit or weakness will have the most opportunities for damage. For instance most viruses and malware are targeted at the Windows platform since roughly 95% of us use Windows as our desktop operating system. So when Hackers look for weaknesses in websites… which platform do they target? You guessed it, WordPress. Because if they find a way in, they can get into LOTS of sites.”
The reality is that WordPress, like Authorize.net, Chase Visa, eBay and Wells Fargo, is very popular and therefore an “Automatic Target,” as stated by Mr. Rideout. However, this does not mean you should stop using WordPress, any more than you should stop using your Chase Visa while shopping on eBay or when paying your Wells Fargo mortgage online, all of which use Authorize.net as a payment processing gateway.
What it does mean is that you should take precautions and keep your site well maintained.
If you are using a CMS other than WordPress, DIR Incorporated recommends Touchdown Tech in Bremen, Indiana for hosting and security updates.
- WordPress is popular.
- WordPress SEO by Yoast is one of the most popular WordPress plugins.
- Yoast acknowledged the issue and fixed it quickly.
- WordPress.org supports Yoast and issued an auto-update for millions of users.
- Update to the newest version, 1.7.4, ASAP.
- DIR Incorporated clients are already using the 2.0 RC BETA version of WordPress SEO by Yoast.
Please share with your colleagues, and use the comments section below to tell us what you think about the WordPress Yoast SEO Hack or other related topics.