Security Warning for All In One SEO Plugin

blog cover image
103
19.6K followers

The All In One SEO Plugin Needs an Update

Wordfence, the security plugin I use and recommend, released a notification early this morning (my time) to advise that the All In One SEO plugin which is used on over 2 million websites had a security risk which has now been rectified in the latest update.

In Plain English

Any user of your website with Contributor access or above could inject a malicious script and take over the site.

What this means to you is probably not much. If you're the only registered user on your website then nothing is going to happen. But if you've allowed other users to register then there's a potential problem.

In any case, watch this video...

Update your website


The security risk has been rectified in the latest version of the All In One SEO plugin, version 3.6.2 at the time of writing.

Always keep WordPress, all your plugins, and themes up to date. Updates are made to fix problems and security issues and add new features.

Stay safe,

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training

Recent Comments

61

You're so right Marion

About 5 days ago I updated my AIOP, then yesterday I noticed a new update available. So updated straight away.

I am a business Analyst by trade and so understand the importance of keeping everything up to date

Please allow me to echo your sound word of advice - and go one further...

...Whatever you are doing on your computer please, please save your work regularly :-)

My Best Always
Peter

Good advice, Peter. You never know when the power is going to blink off.

Thank you for this information, Marion. Updating our plugins is a vital part of our site health, in my opinion. I appreciate the info.

With 2020 vision,
Karin 😁

Thanks for informing us, Marion.

Hi Marion,
Thanks for sharing. Truly important especially now that identity thefts activity had skyrocketed.
Speaking of that, people need to be careful with website they share their email information with because you email might contain some sensitive information or the email is used as login to other important websites.
I’m sorry to say, since I started leaving my email with comments, I have had to change my password twice within a month because I was noted by my identity watch company that my email had been login in another computer outside the United State. Which I planed to create a dummy email to use for all my online business moving forward.
I encourage others especially the new folks to take similar precautions.
V/r
Benson

I have a ton of emails.

I have been receiving fake notices of my years ago emails hack. Luckily I don't use them anymore.

Great thought to have dummy emails.

Some companies uses emails as usernames, I have some of them. Problably easy to find out the password.

Great advice.

Thank you.

Luis Antonio

The best security is a strong password that contains letters, numbers, and symbols.

Thanks for sharing Marion, that's great to know :-)

See more comments

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training