Update to MainWP Security Issue September 7 2015

Published on September 8, 2015 by Dennis Dornon in MainWP Blog under MainWP News

It’s been about 24 hours since our last announcement and about 48 hours since the first report of any issues (Check here for the original post).

Where things currently stand:

So far we have only seen Child sites running version 2.0.26 or lower affected.

The first report came in about 4 days after the release of the security fix and still only affects un-updated sites.

Update: September 9th

We have found that the malicious file makes it look like you are running MainWP Child 2.0.27 even if you are on a lower version, so be sure you are running 2.0.28 or higher.

What we are currently doing:

Releasing the WordFence Extension for free so you can watch and clean up any child sites that may get affected.

We have reached out to the WordPress Security email asking for feedback and a possible force upgrade for users who still have not updated.

Requesting that MainWP users set MainWP as a trusted auto-update plugin in their Dashboard so the plugin auto-updates within 24 hours of a release. Check this help doc on how to set up MainWP as a trusted plugin. Update: In version 2.0.28 we give users a warning and a quick add button to auto update the MainWP Child plugin.

Join the MainWP mailing list. We mailed all our list members at the release of 2.0.27 that it was an important security update and to update right away. We would love as many people to be on that list as possible.

Offering our assistance if you need any help, just submit a ticket at https://support.mainwp.com/

What we are doing for the future:

While both the MainWP Dashboard and Child code are publicly viewable and auditable on GitHub (Dashboard / Child) and are consistently being reviewed by White Hats looking for flaws in exchange for cash rewards (this is how the 2.0.27 fix was put in place before any exploits were reported), we are also having a third party fully review the code base.

We’ll add the recommendation to set MainWP as a Trusted plugin to the initial MainWP setup steps to make that a more prominent suggestion for new users.

Thanks

Dennis
