Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been a big topic to talk about in 2014. In my previous post I have showed how to harden your WordPress websites against DDoS attacks.
Good news for the WordPress and Drupal folks. Andrew Nacin and Michael Adam of WordPress security team and David Rothstein of Drupal security team have collaboratively worked on an security fix of XML-RPC vulnerability that allowed to carry out DDoS attacks. This is the first time both of these parties have worked together to fix a vulnerability.
This vulnerability was reported by Nir Goldshlager on his blog here. Good thing is that Goldshlager reported this issue to the security teams of both WordPress and Drupal before releasing the news to the public in order to avoid major attacks.
It is very encouraging to see WordPress and Drupal security teams working collaboratively to fix the PHP XML processing vulnerability.
For people who have turned on automatic updates on their WordPress websites would have received notifications that there site has been updated to 3.9.2.
This security update available for the following versions:
- WordPress 3.7.4
- WordPress 3.8.4
- WordPress 3.9.2
Also, WordPress 4.0 Beta 3 is out too with same security fixes.
It is recommended for WordPress users to update to latest version 3.9.2 as it contains additional security updates. For complete details, read this blog post.
For Drupal users, latest versions, 7.31 and 6.33, are available to fix these issues that you can get here.
Cloudways ensures that all security updates are applied on its servers and applications as soon as they are available. You can start immediately with a free trial here
Start Creating Web Apps on Managed Cloud Servers Now
Easy Web App Deployment for Agencies, Developers and E-Commerce Industry.