Category Archives: WordPress and other CMS

Joomla 3.7

WordPress is the current king of Content Management Systems, but there are others, including Joomla. Web sites built on popular CMS software are enticing targets for malicious hackers, because the people who manage such sites often lack the skills to keep them secure. Keeping a CMS-based site secure mainly involves keeping the CMS software up to date.

Joomla 3.7 — released yesterday — includes over 700 improvements, eight of which are related to security. Several of the security vulnerabilities addressed affect versions of Joomla going back to 1.5 and 2.5.

Joomla 1.0 through 2.5 are no longer supported. If you’re running a site that uses those older versions of Joomla, you should upgrade to 3.7 as soon as possible, as the site is otherwise likely to be hacked.

If you run a Joomla 3.x site, you should update it to 3.7 as soon as possible. If your site currently runs Joomla 3.6.x, it’s a single click update, so there’s no excuse not to do it.

WordPress 4.7.2 – security update

Most WordPress sites are configured to automatically update themselves when a new version becomes available. Still, anyone who manages any WordPress sites should make sure they are up to date with version 4.7.2, released yesterday.

WordPress 4.7.2 addresses three serious security vulnerabilities. You can find all the details in the release announcement.

Update 2017Feb02: Apparently WordPress 4.7.2 included a fix for a fourth security vulnerability, which wasn’t announced until February 2. The vulnerability is so severe that the WordPress developers didn’t want to risk anyone knowing about it until the majority of WordPress sites were updated.