We love Jetpack – it’s full of great features for lots of websites. We’ve shared reasons why you should use Jetpack, and then urged you again to give Jetpack a try. It turns out, though, that a critical security loophole was hiding among all those options. Have no fear: the folks over at Automattic were the ones to find it during a routine security check, and they had the plugin updated in no time – so if you haven’t already, update your Jetpack as soon as possible.
According to Jetpack, the flaw has been present since Jetpack 1.9 and in all versions thereafter. The vulnerability left a hole open for hackers to access your site and publish posts without being an admin, and it could possibly have been combined with other malicious attacks to further impair your site. Although they haven’t seen any documentation of this loophole being exploited “in the wild,” Jetpack said it themselves:
This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world.
So please make sure to update your Jetpack plugin as soon as you get a chance. Jetpack released a statement that they plan to disconnect websites using an outdated version of the plugin as an extra layer of security. You can learn more about the update on the Jetpack Blog, but you should also check out some of our other articles on WordPress security to keep your website extra safe.
- Is Your WordPress Site Secure? 10 Things to Look For
- WordPress Security: Is Your WordPress Site Really Secure?
- How to Secure Your WordPress Site in 5 Simple Steps
- I Tested For You “VaultPress Lite”
- WordPress Security: Can Security Ninja Keep Your Site Safe?
- The 5 Steps I Took to Recover My WordPress Blog from a Hack