Blog

WordPress Loginizer Plugin Was Automatically Updated Due To Vulnerability

Oct 30, 2020 | Blog

WordPress tends to take a light-handed approach when it comes to managing the legions of plugins that are compatible with the most popular blogging platform on the planet. This time, however, they’re taking a different approach. They’re forcing a security update to counter a dangerous bug in a wildly popular plugin that’s being used by more than a million websites around the world.

The plugin in question is Loginizer, which was designed to help websites fight back against brute force attacks by blocking the login function for a given IP address once a certain threshold of login retries has been reached.

It’s an indispensable plugin, honestly, but researchers discovered a fatal flaw in it in the form of an SQL injection issue. The issue could have allowed a hacker to take complete control over the site running the older version of the plugin, thus, WordPress’ decisive action, which forces an update on everyone who uses it.

While we normally don’t approve of such heavy-handed measures, in this particular instance, we feel it was justified. Had the company not taken the action it did, users would have been slow to update the plugin, and many may not have updated at all, or even been aware there was an issue. This way, everyone is protected, and it happened quickly, in an organized manner.

In an ideal world, some other solution could have been implemented, but then, in an ideal world, hackers wouldn’t abuse security flaws and loopholes in the first place. Here, WordPress made the best of a number of bad decisions and took swift decisive action designed to keep their massive user base safe and protect their brand image. While it’s less than ideal, we applaud the company for their efforts.

If you use the plugin in question, just be aware that you’re getting an update whether you want one or not. In this case, that’s probably not a bad thing.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech