WordPress Zero Day Vulnerability: Prevent With Zesty.io

How can you stay safe from the next WordPress vulnerability?

WordPress Zero Day Vulnerability: Prevent With Zesty.io

Chloe Spilotro 02.08.2017

Security attacks on websites are attempted all day, every day: the concern is whether those attacks actually deface the website, steal user data, bring down the website, etc. Recently, WordPress discovered a major vulnerability through one of their Rest API’s that has compromised thousands of users websites. Bad actors could use this API to add or change content to the website at will; essentially giving these bad actors control over the look, feel, and content on affected websites.

Thankfully WordPress discovered this vulnerability, was able to notify their customers, and now is alerting those affected to update their websites accordingly. However, what if those users do not? They are sitting ducks until it’s too late.

Even if a potentially affected WordPress website is updated and secure now, it could have easily been compromised. This vulnerability gave bad actors access to a business's website(s) allowing them to change their content.

On Zesty.io, we work diligently to prevent these issues before they arise. Security is paramount, and our engineers work vigilantly to automatically provide security updates to our users and push those updates out accordingly. By taking all of the responsibility for our platform security, we minimize the possibility for bad actors to affect our clients’ sites. Additionally, we automatically provide all of our clients protection against DDoS attacks. This is largely done through our implantation of CloudFlare, software designed to detect and stop any DDoS attack attempts before they impact users visiting a webpage.

We can control a lot of external protection for sites, but we also provide tools for our clients to protect their sites internally. We are proud to offer two-factor authentication powered by our partner Authy for clients who take additional precautions by adding another layer of security. In addition, with Zesty.io, site administrators have the ability to assign user roles and permissions. These can be extremely granular, allowing certain users Contributor status, which means they can add content, but not publish it. This allows each user to be secure in what they can change on the website and the parts they can not. For those who manage multiple sites on Zesty.io, those permissions are on a per-site basis: meaning someone can be a publisher for one microsite and a contributor on the main site. These permissions and controls help to streamline internal workflow but also provide that extra security so updates to the site can be made only by those who need to be making those changes.

The tech community is very transparent, and we do our best to learn from each other. While we’re glad WordPress was able to catch this vulnerability, we’ve purposefully built our platform to learn from those mistakes early on and prevent such vulnerabilities from happening in the first place. Our architecture is what makes us different, and we’re proud to provide our clients unparalleled security measures. If you’re concerned about whether your site is secure or not, feel free to email us at sales@zesty.io to discuss any concerns.

Experience a Headless Content Management System, Join Zesty.io.

Start a Sandbox Now

More from Mindshare: Content Marketing

Placeholder image

What is a Landing Page? (All Questions Answered)

Making it easy for consumers to visit your landing pages is both a science and an art form: they should

Read Article
Placeholder image

Scariest Website Horror Stories of 2019

It's spooky season... read through to see the scariest website horror stories of 2019 (if you dare)!

Read Article
Placeholder image

Sony Alpha Adopts Zesty.io SaaS Content Platform

Marketers Deploy Secure Consumer Camera Website in Two Months and Increase Visitors to 400,000+ Per Month

Read Article
Placeholder image

How to add an Emoji Favicon to your Website with Zesty.io

Now that all modern browsers support SVG favicons, here's how to turn any Emoji into a Favicon

Read Article
Chloe Spilotro photo

Chloe Spilotro

Marketing Manager, Zesty.io

Marketing Manager at Zesty.io. Hooked onto the platform since first using it through the Zesty.io Incubator Program at the University of San Diego. Passionate about all things marketing, IoT, and helping businesses leverage technology to grow and become major players in their industries.... Learn More

Exploring content solutions? Looking to replatform?