WordPress Security Alert: MainWP

WordPress Security Alert: MainWP image

MainWP is a free WordPress network management plugin. It goes beyond WordPress Multi-Site to allow centralized management of all your WordPress sites, irrespective of where they are. Thus, you can control many websites on different hosts from a single sign-on.

Though that makes multiple WordPress websites management easier, it does raise a potential security issue. And recently, that potential has become a reality, as www.wordfence.com report:

There is a serious privilege escalation vulnerability in the MainWP Child WordPress plugin. This plugin has over 90,000 active installs. The vulnerability allows an attacker to log into a vulnerable website bypassing the password authentication mechanism that WordPress provides.

What to do: Upgrade immediately to version which was released last Friday and fixes this specific issue.

We have seen less than 10,000 downloads of this plugin since the fix was released and WordPress.org estimates 90,000 active installs are out there, so please help spread the word to the rest of the WordPress community about this issue.

Note that MainWP is a two-part plugin. You install the MainWP plugin on your main admin site, and MainWP Child on all your other websites. I believe that the latest update makes this a secure form of multiple site management, and I intend to test the features on my own websites. I’ll report back on the usefulness of MainWP once I’ve had time to test it thoroughly. At first sight, it seems a useful alternative to ManageWP, which I found to be quite expensive.

WordPress Security Alert: MainWP imageIf you are worried about WordPress Security, I urge you to signup for the security alert service from Wordfence. Simply add your email address to the Wordfence Security Updates service. Alternatively, let me host your website for you. All Shrewdies websites are protected by a security package that includes Wordfence protection.

Signup to Shrewdies.com Updates Service to get news about my secure WordPress hosting plans.

Your email address is safe. I will never share it.

Read more about Shrewdies Online Business Updates.