The vulnerabilities discovered allow remote attackers being able to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.

These vulnerabilities have been addressed and resolved in the latest WordPress version 5.3.1+.

Our team would like to kindly encourage our clients to update their WordPress installations to the latest, secure version to protect your website any of the mentioned attacks.

Additionally please consider reading our WordPress security guide for further recommendations to secure your WordPress website.

If you don’t update your WordPress version, and unfortunately your website is compromised by one of the above attacks, you may find this article helpful… “How did my WordPress website get hacked? What do I do?”

The introduction of the Internet into society essentially resulted in the inability to protect information by practical obscurity. For many, the digital sphere represents a loss of individual control of information and a threat to personal privacy. It is this inherent fear of relinquishing ownership that IT analysts and cloud organizations attribute to the stunted growth of virtual infrastructure technology, often referred to by the term ‘cloud computing’.

At its core, the cloud offers an alternative to private networks and private managed infrastructure, by offering elasticity, scalability, and the cost benefits of a utility based pricing model in a secure virtual environment.

The uniqueness of security in cloud computing can be attributed at its most primitive level to both the provider and the customer. Both of these parties have the responsibility of ensuring security and integrity of deployed virtual infrastructure in the cloud.

Quintessentially, the provider (that’s us), has the arduous task of ensuring the security of our infrastructure, as well as protecting your data, application & OS level. As the customer however, there must also be an awareness of responsibility to demand transparency from distributors and partners, in terms of what occurs in this virtualised environment, and additionally who has access to their cloud machines.

It is due to these concerns that some businesses are reluctant to pursue cloud computing as a viable option. Herein lies the insurmountable problem of developing an effective cloud marketing strategy, able to defuse some of these concerns to the public. The process of developing and offering trust, security and control is integral to the cloud’s success.

Due to this perception of risk, businesses should not instantly shy away from the concept of cloud computing, but rather carry out effective risk management and value analysis instead. Of course, as with everything, from catching the bus to work in the morning, to deploying a scalable Ruby application, there are risks involved, and we need to weigh them up and factor this into our decision making.

Here’s a light-hearted look at the issue of security in the cloud.

In our next blog post we’ll be discussing the concepts and additional security benefits of a private cloud.