Does Your Small Business Website Use WordPress? Change Your Passwords and Privacy Settings Now

Every business needs a website: someplace for customers to learn about your company, find contact information and get accustomed to your brand and products. And it's easier to set up a website now than ever before, thanks to dozens of available content management systems (CMS) like WordPress, Drupal, Joomla and ExpressionEngine.

But while a CMS supports users during the creation and modification of digital content, these systems aren't exactly impervious to a cyberattack. In fact, more than a million WordPress sites are vulnerable to incursion via a popular plugin.

Below we will cover how to shore up your digital defenses to prevent a data leak from this vulnerable plugin. If you do suffer a data breach or cyberattack, a cyber insurance policy from CyberPolicy can protect your business from the harmful financial damages.

The Gallery Gap
NextGen Gallery is a prevalent photo gallery management system used to upload and sort images to WordPress. It was developed in 2007 and sees over 1.5 million new downloads every year - you may even be a user yourself. But if you are, update NextGen Gallery right away.

Researchers discovered a "severe" SQL injection vulnerability which allows remote hackers to input malicious commands to the backend of your WordPress site.

"This vulnerability allows an unauthenticated user to grab data from the victim's website database, including sensitive user information," says researcher Slavco Mihajloski. "This is quite a critical issue. If you're using a vulnerable version of this plugin, update as soon as possible!"

If you don't know, an SQL injection attack implants a segment of malicious code into a user-supplied field (such as an email address or password entry box), which the web application's database server then executes as a command (e.g. dump database contents to the attacker, leak passwords or secret keys, delete the database, etc.). In the case of NextGen Gallery, a hacker would need to employ a $container_ids string in order to implement the exploit.
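
To make the mechanism concrete, the following added example (not from the original article and not NextGen Gallery's code) builds a small in-memory SQLite database with constructed rows and compares a query assembled by string concatenation with one that validates and binds its input. The table names, function names and the comma-separated `ids` parameter are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed hostile value for a field that should hold ids such as "1,2".
HOSTILE = "0) UNION SELECT pass_hash FROM users -- "

def make_db():
    """Create an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE galleries (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (login TEXT, pass_hash TEXT);
        INSERT INTO galleries VALUES (1, 'Storefront'), (2, 'Products');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def titles_vulnerable(db, ids):
    # Weak: the field value is pasted into the SQL text, so the database
    # parses whatever it contains as part of the statement itself.
    sql = "SELECT title FROM galleries WHERE id IN (" + ids + ")"
    return [row[0] for row in db.execute(sql)]

def titles_hardened(db, ids):
    # Step 1: validate. Every item must be a short run of ASCII digits.
    parts = [p.strip() for p in ids.split(",")]
    if not all(re.fullmatch(r"[0-9]{1,10}", p) for p in parts):
        raise ValueError("ids must be a comma-separated list of integers")
    # Step 2: bind. Only '?' placeholders enter the SQL text; the values
    # travel separately and can never be parsed as SQL.
    marks = ",".join("?" * len(parts))
    sql = f"SELECT title FROM galleries WHERE id IN ({marks}) ORDER BY id"
    return [row[0] for row in db.execute(sql, [int(p) for p in parts])]

if __name__ == "__main__":
    db = make_db()
    print("normal input, vulnerable :", titles_vulnerable(db, "1,2"))
    print("hostile input, vulnerable:", titles_vulnerable(db, HOSTILE))
    print("normal input, hardened   :", titles_hardened(db, "1,2"))
    try:
        titles_hardened(db, HOSTILE)
    except ValueError as err:
        print("hostile input, hardened  : rejected,", err)
```

With the concatenated query, the hostile value returns a row from the `users` table instead of gallery titles; the hardened function rejects the same value before any SQL runs.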

Fortunately, there is a simple solution:

  • Update Your Plugin - Software developers regularly find and patch security flaws in their programs, but if you don't take advantage of these updates, you open yourself up to incursion by hackers who keep up on the latest news.
  • Change Your Password - It's always a good idea to follow sensible password protocols. In the event of a breach or suspected vulnerability, change your login credentials to protect your organization.
  • Watch for Suspicious Activity - Cybercrime isn't always immediately apparent. Be sure to look for abnormalities on your website or in your systems. Stay vigilant.
  • Alert Your Users - Similarly, if you suspect your website has been breached by a cyber crook, alert your users to change their passwords and report any suspicious behavior. That being said, don't needlessly frighten your customers. Only alert them when necessary.

Finally, invest in a cyber insurance policy. In the event some crafty hacker makes away with your precious data, CyberPolicy can assist with the cost of data retrieval, cyber extortion, business downtime and so much more.
