At AWESEM we take website security extremely seriously and have blogged many times in the past about the importance of keeping your website updated to protect against any known vulnerabilities in your WordPress theme or plugins.

There have been a number of vulnerabilities flagged recently, which should serve as a sobering reminder to keep your plugins up to date on a regular basis. Not only will these updates keep your website safe, they’ll also fix known issues and boost performance.

The WPScan Vulnerability Database is a hugely valuable resource for staying up to date with new vulnerabilities identified by online security experts. To make it simple to stay informed about potential security issues, you can even sign up for free alerts so you never miss a notification.

Some of the recent vulnerabilities you should be aware of are:

All In One WP Security & Firewall <= 4.4.1 – Open Redirect & Hidden Login Page Exposure

Export Users to CSV < 1.4 – Unauthorised CSV Access

Download Plugins and Themes from Dashboard <= 1.5.0 – Unauthenticated Stored XSS

WordPress <= 5.2.2 – Cross-Site Scripting (XSS) in URL Sanitisation

WordPress 5.0-5.2.2 – Authenticated Stored XSS in Shortcode Previews

WP Engine recently debuted their automated plugin updates tool with interesting new visual recognition technology, which they describe as follows:

Smart Plugin Manager is a WP Engine feature that keeps your environments secure by automatically updating all of your WordPress plugins to ensure that they’re always up-to-date. Additionally, Smart Plugin Manager will check to ensure that the updates are working as expected, and that the update did not cause any visual problems on your site.

