Since this version of WordPress came out last week Wordfence, the leading WordPress security plugin, has brought out an update (7.4.14) to prevent a potential security vulnerability.
WordPress 5.6 now has application password functionality which will be useful in a number of scenarios including ecommerce plugins, but hackers could gain administrator access rights through phishing methods such as linking.
In order to prevent this the Wordfence plugin blocks access to this functionality by default. So provided your website has the latest version of the Wordfence plugin you’ll be safe from this particular vulnerability.
We recommend either installing the Wordfence plugin version 7.4.14 or if the plugin is already installed, then making sure your version is upgraded to the current latest version.
For a full technical explanation go to the Wordfence article.
And for those readers who would prefer their WordPress plugins to be managed and updated for them please check out our Daily WordPress Core, Theme and Plugins Checks and Updates Service. Alternatively, you can reach Alex at alex@octagontech.com or on 01522 797520 for a chat.
Alex
Web Support
