Jetpack Security Update Requires Immediate Action!
Jetpack has released it's newest security update 2.9.3 telling everyone to update as soon as possible due to a potential and critical security threat. They are sending out emails to all users who are not on the latest version to update the plugin quickly to avoid being logged out of Jetpack for the site's own safety.
While this is not linked to the heartbeed bug, the threat was still a nasty one. The open door can be combined with other attacks to get into your site quicker and easier. Jetpack is not announcing where the bug was found, they only stated “we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access.” See their full announcement over on Jetpack's news. The bug has actually been there since the 1.9 update.
With almost ten million downloads, Jetpack is one of the most popular plugins to use. Thankfully, the audit caught the bug before the masses caught wind of what they could do. At this moment Jetpack is saying there are no confirmed evidence that this bug has been violated which is great news to their millions of users. While the bug is still considered a huge security risk, updating to 2.9.3 will close the access door to the vulnerability.
Jetpack Security Update Instructions
Most often you can update the plugin within the dashboard. If you enjoy or need to manually download the newest update you can find it on the WordPress Repository here. Just click the bright orange box that says “Download Version 2.9,3” and it will give you a zipped file that you can then upload to your site.
Once you have updated, the risk should be depleated. It would still be good measures to change your WordPress.com password. It never hurts to change a password multiple times to cover security risks.
WPSecurityLock's team are experts at finding and fixing malicious code on WordPress sites and plugins. If you think your site has been hacked, we can remove malware. If you need repair services, such as updating plugins like Jetpack, we offer a full range of WordPress repair services. These services are also included in many of our WordPress monthly security packages, which include site monitoring, plugin updates and provide you with peace of mind.