As soon I read my email this morning about a vulnerability being found and fixed for the WordPress SEO plugin by Yoast, I ran up to my office (good thing it’s a short commute because I am not a runner) and made sure the sites we manage were updated.
Once word is out that there is a weakness somewhere, the hackers start looking for ways to exploit it. It turns out that in order for the hacker to get in and do his evil, he would have to trick someone with administrator capabilities into clicking a link for their own website while they were logged in. So once again, don’t click on links unless you are sure they are safe.
I updated the plugin for all our sites, but noticed that in two sites, the plugin was inactive. I reported the issue to the developer and he admitted that it was odd. I’m not sure why that happened and I will continue to keep my eyes open for an answer.
I’m posting this because I want others to be aware of this and check that the plugin is still active or their clients may have SEO problems that no one will notice until months have passed and their traffic has dropped.
For more details on the security fix see Yoast’s site.