Category Archives: WordPress and other CMS

Joomla 3.7

WordPress is the current king of Content Management Systems, but there are others, including Joomla. Web sites built on popular CMS software are enticing targets for malicious hackers, because the people who manage such sites often lack the skills to keep them secure. Keeping a CMS-based site secure mainly involves keeping the CMS software up to date.

Joomla 3.7 — released yesterday — includes over 700 improvements, eight of which are related to security. Several of the security vulnerabilities addressed affect versions of Joomla going back to 1.5 and 2.5.

Joomla 1.0 through 2.5 are no longer supported. If you’re running a site that uses those older versions of Joomla, you should upgrade to 3.7 as soon as possible, as the site is otherwise likely to be hacked.

If you run a Joomla 3.x site, you should update it to 3.7 as soon as possible. If your site currently runs Joomla 3.6.x, it’s a single-click update, so there’s no excuse not to do it.

WordPress 4.7.2 – security update

Most WordPress sites are configured to automatically update themselves when a new version becomes available. Still, anyone who manages any WordPress sites should make sure they are up to date with version 4.7.2, released yesterday.

WordPress 4.7.2 addresses three serious security vulnerabilities. You can find all the details in the release announcement.

Update 2017Feb02: Apparently WordPress 4.7.2 included a fix for a fourth security vulnerability, which wasn’t announced until February 2. The vulnerability is so severe that the WordPress developers didn’t want to risk anyone knowing about it until the majority of WordPress sites were updated.

Critical security update for Joomla

Joomla 3.6.4, released on October 25, addresses two critical security vulnerabilities that could allow an attacker to gain control of a Joomla-based web site.

Like WordPress, Joomla forms the basis of numerous web sites, because it’s easy to set up and manage. Its popularity and ease of use have of course also made Joomla a target for malicious hackers, who know that many Joomla sites are not kept up to date by their inexperienced owners.

If you manage a Joomla 3+ web site, please install this update as soon as possible. It’s very likely that attackers are already searching the web for vulnerable sites. Unless of course you want your site to be part of a botnet (which may sound cool, but really isn’t).