WordPress Vulnerability Roundup: March 2021, Part 1

New WordPress plugin and theme vulnerabilities were disclosed during the first week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website.

The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes.

Each vulnerability will have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on the Common Vulnerability Scoring System.

In the March, Part 1 Report

WordPress Core Vulnerabilities

No new WordPress core vulnerabilities have been disclosed this month.

WordPress Plugin Vulnerabilities

1. Under Construction, Coming Soon & Maintenance Mode

2. Abandoned Cart Lite for WooCommerce

10. WP GDPR Compliance

WordPress Theme Vulnerabilities

No new theme vulnerabilities have been disclosed this month.

March Security Tip: Why You Should Use Two-Factor Authentication

Using two-factor authentication for your WordPress website user logins can help keep your website secure even if you use one of the plugins in this edition of the vulnerability roundup with an authentication bypass vulnerability.

Why? Two-factor authentication makes it nearly impossible for an unauthenticated user to log in to your website.

What is two-factor authentication? Two-factor authentication is a process of verifying a person’s identity by requiring two separate methods of verification. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access to (or even guessed) your password.

Here are a few more reasons to use two-factor authentication to add another layer of protection to your WordPress login.

How to Add Two-Factor Authentication to Secure Your WordPress Login with iThemes Security Pro

The iThemes Security Pro plugin makes it easy to add two-factor authentication to your WordPress websites. With iThemes Security Pro’s WordPress two-factor authentication, users are required to enter both a password AND a secondary code sent to a mobile device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account.

To start using Two-Factor Authentication on your website, enable the feature on the main page of the iThemes Security Pro settings.

In this post, we unpack all the steps of how to add two-factor authentication to your site with iThemes Security Pro, including how to use a third-party app like Google Authenticator or Authy.

WordPress Disaster Week is Coming, March 16 – 18, 2021

Are you ready if disaster strikes your WordPress website today?

From running an update that breaks everything to hacks or accidentally deleting an important file, the reality is it’s not a matter of if but when something will go wrong with your site. And now, more than ever, the security threats your website faces are very real. 

To help you combat the threat of website disasters, we’re hosting the biggest free, online iThemes training event of the year so that EVERYONE can have a plan if and when a website catastrophe strikes.

Grab your spot here for WordPress Disaster Week, happening March 16, 17 & 18, 2021, with daily sessions happening from 1:00 – 3:00 p.m. (CT).

During this training, we’ll cover a complete plan for how to prevent and recover when website calamity strikes, including:

Can’t make the live training time? Go ahead and register and we’ll email you the video replays to watch at your convenience. See webinar time in your time zone here.
