
BlogAid

Help for DIY Site Owners and Webmasters - WordPress, SEO, HTTPS, Security, and Performance


PHPMailer Exploit in WordPress Core

December 27, 2016 by MaAnna Stephenson


WordPress Security Alert 

A new security issue has been found in PHPMailer, the code used to send emails from your WordPress site.

UPDATE 1/10/17 – The developer of the PHPMailer code has patched it for this vulnerability.

As reported in Tips Tuesday for Jan 10 2016, WordPress will not be creating a patch for it.

So hosts are now applying the patch directly from the developer.

You may get an email from your host reporting that they are taking this action.

UPDATE 1/11/17 – and the very next day WordPress rolled out 4.7.1, stating there was still no issue in the code, but just to be sure, they updated it anyway.

Following is a brief on the situation and what you need to do.

You may get an email from your host about this if they have active security scanners.

It will take a WordPress update to fix it and they are already working on that.

If you have auto updates turned on (they are on unless you changed code to turn them off), the WP security update will be installed automatically for you.

If you use a plugin to send email from your site (like one with SMTP and an outside service), it will not be affected by this exploit.

Also, a hacker would have to get control of the sending address (yours) to be able to actually run the exploit. So, that’s probably never going to happen.

What You Should Do

If you haven’t updated to WP 4.7, you may want to do that now.

I don’t know if a security patch will be available for WP 4.6 or not, but usually when something like this happens so close to a major release date, they do patch for both.

If you’ve already updated to WP 4.7, just sit tight and let the WordPress auto update take care of this for you.

More Info

Here’s a link with more info from WordFence.

There is also a post on Hacker News, but I’m not sure they are keeping it as up to date as WordFence.


Filed Under: Security, WordPress

About MaAnna Stephenson

MaAnna is a geek who can still speak in plain English. She helps DIY site owners plus webmasters and designers create sites that are secure, perform well, and get noticed by search engines and readers.
