I cannot stress enough how important it is to keep your WordPress site up to date. WordPress powers more than 25% of all websites, which makes it a favorite target for hackers.

Having your site hacked is not a pleasant experience, but it is pretty common, so you need to always keep an eye on WordPress updates and always run the latest version.

The Exploit

A new zero-day Remote Code Execution vulnerability was announced yesterday. This exploit affects not only your blog but your whole website, and it applies to any WordPress version lower than 4.7.4; if you are on 4.7.4 you are probably in a good position. However, there is another exploit (an unauthenticated password reset) that could be used to reset the admin password. It works by injecting a manipulated header into the request to the password reset function, so that the password reset link is sent to the attacker's email address instead of the admin's. So expect a new WordPress update in the next few days.
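As an added example (not code from the post), a small must-use plugin that pins WordPress's default From address to a fixed domain so the sender address no longer depends on whatever host name the request carries, and, as an extra assumption, rejects requests whose Host header does not match that domain; example.com is a placeholder for the real site domain.

```php
<?php
/*
 * Plugin Name: Pin outgoing mail domain (added example)
 * Drop this file into wp-content/mu-plugins/ so it loads before regular plugins.
 */

// Placeholder: replace with the site's real domain.
define( 'PINNED_MAIL_DOMAIN', 'example.com' );

// wp_mail() derives its default From address from $_SERVER['SERVER_NAME'],
// which on some web server setups mirrors the incoming Host header.
// Returning a fixed address here removes that dependency.
add_filter( 'wp_mail_from', function ( $from ) {
    return 'wordpress@' . PINNED_MAIL_DOMAIN;
}, PHP_INT_MAX );

// Assumption: the site is only ever served under PINNED_MAIL_DOMAIN.
// Refuse any request that names a different host so nothing else on the
// site is fed an unexpected host name either.
add_action( 'init', function () {
    if ( 'cli' === PHP_SAPI ) {
        return; // WP-CLI and cron runs have no Host header to check.
    }
    $host = isset( $_SERVER['HTTP_HOST'] ) ? strtolower( $_SERVER['HTTP_HOST'] ) : '';
    $host = preg_replace( '/:\d+$/', '', $host ); // drop an explicit port
    if ( $host !== PINNED_MAIL_DOMAIN ) {
        status_header( 400 );
        wp_die( 'Unexpected Host header.', 'Bad Request', array( 'response' => 400 ) );
    }
} );
```

If the site is legitimately reached under more than one host name (for example with and without www), extend the comparison to a whitelist instead of a single constant.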

How to Stay Safe

Remember that there is no 100% security, and keeping your site from being hacked is all about you being careful and doing your research. It is said that:

an ounce of prevention is worth a pound of cure.

Here are a few tips to keep your WordPress website safe:

  • Always register your domain with a different registrar than your hosting provider, use a different password for each, keep it safe, and only log in when needed.
  • Do your research before choosing your hosting provider.
  • Be careful when sharing your host, WordPress, and FTP login details, and don't keep your credentials saved on your computer; you have a memory for a reason.
  • Back up your website regularly. I recommend UpdraftPlus, which can take regular backups of your database and files to your Dropbox folder automatically, or you can save them to your computer.
  • Keep all your WordPress plugins and themes up to date.
  • Read as much as possible; there are common hardening steps shared online that can make your WP site more secure.

These steps are more preventive than protective, but they guarantee that if your site is compromised anyway, or you lose data for any reason, you can easily restore it.

If you know any other good security tips to harden WordPress, please share them in a comment below.