WordPress 5.8.1 Released to Fix Multiple Vulnerabilities
WordPress 5.8.1 Security and Maintenance ReleaseIt’s not uncommon for WordPress or any software for that matter to publish a bug fix update following a major version update in order to fix unforeseen issues as well as introduce improvements that didn’t make it in time for the major release. In WordPress those updates are called a maintenance release. This update also includes a security update, which is somewhat uncommon for the WordPress core. That makes this update more important than the typical maintenance release.
WordPress Security Issues FixedWordPress 5.8.1 fixes three vulnerabilities:
- A data exposure vulnerability within the REST API
- Cross-Site Scripting (XSS) vulnerability in the Gutenberg block editor
REST API VulnerabilityThe WordPress REST API is an interface that allows plugins and themes to interact with the WordPress core. The REST API has been a source of security vulnerabilities, including most recently with the Gutenberg Template Library & Redux Framework vulnerability that affected over a million websites. This vulnerability is described as a data exposure vulnerability, which means that sensitive information could be revealed. There are no other details at this time regarding what kind of information but it could be as severe as passwords to data that could be used to mount an attack through another vulnerability.
WordPress Gutenberg XSS VulnerabilityCross-Site Scripting (XSS) vulnerabilities happen relatively frequently. They can happen whenever there is a user input like a contact or email form, any kind of input that is not “sanitized” to prevent the upload of scripts that can trigger unwanted behavior in the WordPress installation. The Open Web Application Security Project (OWASP) describes the potential harm of XSS vulnerabilities:
“An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.”This specific vulnerability affects the Gutenberg block editor.
“Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.”There appear to be many other vulnerabilities affecting the Lodash library in the 4.1.7 branch as well.
WordPress Urges Immediate UpdatingThese security vulnerabilities add a sense of urgency to this update. All publishers are recommended by WordPress to update. The official WordPress announcement recommends updating:
“Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.”
Are you looking for Cheap WordPress 5.8.1 Hosting? Finding a high quality Cheap WordPress 5.8.1 Hosting provider is crucial for your web application. Your WordPress 5.8.1 application can only run smooth if it will be hosted on a server which can provide a higher up time & plenty of computing resources. There’re thousands of web hosting providers which offer asp.net hosting, but choosing Cheap WordPress 5.8.1 Hosting provider is a time consuming task. To make your buying decision easy we’ve concluded 3 Best yet Cheap WordPress 5.8.1 Hosting providers which are reliable and offer affordable WordPress 5.8.1 Hosting so that every one can afford it.
Cheap and Reliable WordPress 5.8.1 Hosting
|Host 1 Site||Host 1 Site||Host 5 Sites|
|1 GB Disk Space||1 GB Disk Space||1 GB Disk Space|
|10 GB Bandwidth||10 GB Bandwidth||20 GB Bandwidth|
|Dedicated Application Pool||Dedicated Application Pool||Dedicated Application Pool|
|Support UTF-8 Domains||Support UTF-8 Domains||Support UTF-8 Domains|
|30-Days Money Back||30-Days Money Back||30-Days Money Back|
|Latest ASP.NET||Latest ASP.NET||Latest ASP.NET|
|Plesk Control Panel||Plesk Control Panel||Plesk Control Panel|
|Windows 2008/2012||Windows 2008/2012||Windows 2008/2012|
|SQL Server 2008/2012/2014||SQL Server 2008/2012/2014||SQL Server 2008/2012/2014|
|Latest MySql version||Latest MySql version||Latest MySql version|
How to Choose Cheap and Reliable WordPress 5.8.1 Hosting?
Reliability and Speed of Access
Not only should the web host be reliable and fast, it should guarantee its uptime (the time when it is functional). Look for a minimum uptime of 99%. In fact, even 99% is actually too low — it really should be 99.5% or higher. The host should provide some sort of refund (eg prorated refund or discount) if it falls below that figure. Note though that guarantees are often hard to enforce from your end — especially if the host denies there was any downtime. However, without that guarantee, the web host will have little incentive to ensure that its servers are running all the time.
Data Transfer (Traffic/Bandwidth)
Data transfer (sometimes loosely referred to as “traffic” or “bandwidth”) is the amount of bytes transferred from your site to visitors when they browse your site.
Don’t believe any commercial web host that advertises “unlimited bandwidth”. The host has to pay for the bandwidth, and if you consume a lot of it, they will not silently bear your costs. Many high bandwidth websites have found this out the hard way when they suddenly receive an exorbitant bill for having “exceeded” the “unlimited bandwidth”. Always look for details on how much traffic the package allows. I personally always stay clear of any host that advertises “unlimited transfer”, even if the exact amount is specified somewhere else (sometimes buried in their policy statements). Usually you will find that they redefine “unlimited” to be limited in some way.
In addition, while bandwidth provided is something you should always check, do not be unduly swayed by promises of incredibly huge amounts of bandwidth. Chances are that your website will never be able to use that amount because it will hit other limits, namely resource limits.
To give you a rough idea of the typical traffic requirements of a website, most new sites that don’t provide video or music on their site use less than 3 GB of bandwidth per month. Your traffic requirements will grow over time, as your site becomes more well-known, so you will need to also check their policy when you exceed your data transfer limit: is there a published charge per GB over the allowed bandwidth? Is the charge made according to actual usage or are you expected to pre-pay for a potential overage? It is better not to go for hosts that expect you to prepay for overages, since it is very hard to forsee when your site will exceed its bandwidth and by how much.
For the same reason as bandwidth, watch out also for those “unlimited disk space” schemes. Many new sites (that don’t host videos or music) need less than 20 MB of web space, so even if you are provided with a host that tempts you with 100 GB (or “unlimited space”), be aware that you are unlikely to use that space, so don’t let the 100 GB space be too big a factor in your consideration when comparing with other web hosts. The hosting company is also aware of that, which is why they feel free to offer you that as a means of enticing you to host there.
Does its technical support function 24 hours a day, 7 days a week (often abbreviated 24/7), all year around? Note that I will not accept a host which does not have staff working on weekends or public holidays. You will be surprised at how often things go wrong at the most inconvenient of times. Incidentally, just because a host advertises that it has 24/7 support does not necessarily mean that it really has that kind of support. Test them out by emailing at midnight and on Saturday nights, Sunday mornings, etc. Check out how long they take to respond. Besides speed of responses, check to see if they are technically competent. You wouldn’t want to sign up with a host that is run by a bunch of salesmen who only know how to sell and not fix problems.
Email, Autoresponders, POP3, Mail Forwarding
If you have your own site, you will probably want to have email addresses at your own domain, like [email protected], etc. Does the host allow you to set up whatever email addresses you want on your domain, so that mail can be forwarded to your current email address, or placed into a mail box on your web hosting account itself? Can you set an email address to automatically reply to the sender with a preset message (called an autoresponder)? Can you retrieve your mail with your email software?
This is called various names by different hosts, but essentially, they all allow you to manage different aspects of your web account yourself. Typically, and at the very minimum, it should allow you to do things like add, delete, and manage your email addresses, and change passwords for your account. I will not sign up with a host where I have to go through their technical support each time I want to change a password or add/delete an email account. Such tasks are common maintenance chores that every webmaster performs time and time again, and it would be a great hassle if you had to wait for their technical support to make the changes for you.
Web Server and Operating System
Is the type of operating system and server important?
In general, most people will want to sign up for a web host offering a Unix-based system (like Linux, FreeBSD or OpenBSD) and running the Apache web server. Most web-based software assume your website is running on such a system, and you will usually experience fewer compatibility issues with it. There are also a lot of guides available on the Internet on configuring such systems, so finding help when you need it is easier as well.
In my opinion, the only time when you will want to use a Windows server is if you’re running Windows-specific programs, like ASP scripts. But even then, you’ll probably be better off looking for a PHP-equivalent, and using a Unix-based system.
I was actually hesitant to list this, but I guess it’s futile not to. However, I would caution that while price is always a factor, you should realise (“realize” in US English) that you often get what you pay for, although it’s not necessarily true that the most expensive hosts are the best.
Monthly/Quarterly/Annual Payment Plans
Most web hosts allow you to select an annual payment plan that gives you a cheaper rate than if you were to pay monthly. My current personal preference is to pay monthly with all new web hosts until I’m assured of their reliability and honesty. Paying monthly allows me to switch web hosts quickly when I find that the current host does not meet my requirements: this way, I’m not tied down to a bad web host because I have prepaid for an entire year. I do this even if the new web host guarantees that they will refund the balance if I’m dissatisfied, since at the point I sign up, I have no assurance that they will honour their guarantee. Later (usually after a couple of years), when I’m satisfied with the host, I may change payment plans to the discounted annual plans.
Not all hosting companies own or lease their own web servers. Some of them are actually resellers for some other hosting company. The disadvantage of using a reseller is the possibility that you are dealing with people who don’t know much about the system they are selling and who take longer to help you (they have to transmit your technical support request to the actual hosting company for it to be acted upon). However, this also depends on both the reseller and the underlying hosting company. It is thus wise not to rule out all resellers; there are a number of reliable and fast ones who are actually quite good and cheap. In fact, a number of resellers sell the same packages cheaper than their original hosting company. If you find out that a particular company is a reseller, you will need to investigate both the reseller and the real hosting company.
If you don’t stay in the USA, you have the option of hosting your site with some local provider. The advantage here is the ease of dealing with them (they are after all easily accessible by phone call or a visit), your familiarity with the local laws and easy recourse to those laws should it be necessary. It should be your choice if your target audience is local (eg a local fast food delivery service). On the other hand, hosting it in USA has the advantage of faster access for what is probably the largest number of your overseas visitors (particularly if you have an English-speaking audience). You also have a large number of hosting companies to choose from, and as a result, cheaper prices too.