Security Warning for All In One SEO Plugin

Last Update: July 16, 2020

The All In One SEO Plugin Needs an Update

Wordfence, the security plugin I use and recommend, released a notification early this morning (my time) to advise that the All In One SEO plugin which is used on over 2 million websites had a security risk which has now been rectified in the latest update.

In Plain English

Any user of your website with Contributor access or above could inject a malicious script and take over the site.

What this means to you is probably not much. If you're the only registered user on your website then nothing is going to happen. But if you've allowed other users to register then there's a potential problem.

In any case, watch this video...

Update your website

The security risk has been rectified in the latest version of the All In One SEO plugin, version 3.6.2 at the time of writing.

Always keep WordPress, all your plugins, and themes up to date. Updates are made to fix problems and security issues and add new features.

Stay safe,

Join the Discussion
Write something…
Recent messages
AskPeter Premium
You're so right Marion

About 5 days ago I updated my AIOP, then yesterday I noticed a new update available. So updated straight away.

I am a business Analyst by trade and so understand the importance of keeping everything up to date

Please allow me to echo your sound word of advice - and go one further...

...Whatever you are doing on your computer please, please save your work regularly :-)

My Best Always
MarionBlack Premium
Good advice, Peter. You never know when the power is going to blink off.
Karin13 Premium
Thank you for this information, Marion. Updating our plugins is a vital part of our site health, in my opinion. I appreciate the info.

With 2020 vision,
Karin 😁
MinaKim Premium
Thanks for informing us, Marion.
BensonE Premium
Hi Marion,
Thanks for sharing. Truly important especially now that identity thefts activity had skyrocketed.
Speaking of that, people need to be careful with website they share their email information with because you email might contain some sensitive information or the email is used as login to other important websites.
I’m sorry to say, since I started leaving my email with comments, I have had to change my password twice within a month because I was noted by my identity watch company that my email had been login in another computer outside the United State. Which I planed to create a dummy email to use for all my online business moving forward.
I encourage others especially the new folks to take similar precautions.
bestleads Premium
I have a ton of emails.

I have been receiving fake notices of my years ago emails hack. Luckily I don't use them anymore.

Great thought to have dummy emails.

Some companies uses emails as usernames, I have some of them. Problably easy to find out the password.

Great advice.

Thank you.

Luis Antonio
MarionBlack Premium
The best security is a strong password that contains letters, numbers, and symbols.
lmceachran Premium
Thanks for sharing Marion, that's great to know :-)