Easy WP SMTP Plugin has a WordPress website vulnerability

The risk to your WordPress website is really high if you have the Easy WP SMTP plugin installed. It has a vulnerability that allows a hacker to create a new admin-level user on your WordPress website. This leaves your WordPress website open to someone logging in and making changes. The first change would be to remove your user account and effectively lock you out of your own website.

What does this WordPress Website Vulnerability mean for you?

It means they can do anything you can do. They can:

  • Create content – likely not the kind of content you want on your website
  • Lock you out
  • Add or delete anything – think of adding questionable photos and removing all your content
  • Upload malware or viruses – this will get your website blacklisted so security software will block your site when someone visits
  • Upload a backdoor to your server – if you are on a shared server (cheap hosting) this will give them access to many websites
  • Really mess with your website in any way that they want

If you are using this plugin you need to update it immediately. The risk from this WordPress website vulnerability is too high. There is a patch that will correct the problem, but you must get the update to be protected. If you do not know how to update your plugins, it is easy. Just log in and go to Plugins, find the ones that need updating and click the Update link. The other way is to go to Dashboard, then choose Update. Here you can update them all at once.

Warning: If you are using GoDaddy shared hosting you have to update plugins one at a time. If you try to do them all at once it will crash your server and temporarily bring down your website. This is one of many reasons to not use GoDaddy hosting.

Once you update the plugin, go to your User area and verify that no users have been added. If any have been, delete them immediately. Also go to Settings | General and be sure the default user level is Subscriber. If it is not, change it to Subscriber. If either of these settings needed to be changed, your site is infected with something. I would get it scanned for malware and viruses and get any issues fixed.
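The same two checks can be scripted. The Python below is an added example, not part of the original post: it assumes you have exported your user list as JSON (for instance with WP-CLI's `wp user list --format=json`) and read the default role with `wp option get default_role`. The function name, the allowlist of known admins, the review date and all sample accounts are made up for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the shape of `wp user list --format=json` (WP-CLI).
# Every login and date below is made up for this example.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner",
     "user_registered": "2017-05-02 10:11:00", "roles": "administrator"},
    {"ID": 4, "user_login": "editor_jane",
     "user_registered": "2018-09-14 08:30:12", "roles": "editor"},
    {"ID": 9, "user_login": "wpsupport2",
     "user_registered": "2019-03-18 03:41:07", "roles": "administrator"},
    {"ID": 10, "user_login": "newsub",
     "user_registered": "2019-03-19 22:05:50", "roles": "subscriber"},
])


def audit_site(users_json, default_role, known_admins, last_reviewed):
    """Return a list of (kind, detail) findings for the post-update check."""
    findings = []
    # Settings | General: the default role for new users should be Subscriber.
    if default_role.strip().lower() != "subscriber":
        findings.append(("default_role", default_role.strip()))
    cutoff = datetime.strptime(last_reviewed, "%Y-%m-%d")
    for user in json.loads(users_json):
        login = user["user_login"]
        # WP-CLI reports roles as a comma-separated string.
        roles = {r.strip() for r in str(user.get("roles", "")).split(",") if r.strip()}
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        # An administrator you do not recognise is the account to delete first.
        if "administrator" in roles and login not in known_admins:
            findings.append(("unknown_admin", login))
        # Any other account created since the last review needs a manual look.
        elif registered >= cutoff:
            findings.append(("new_user", login))
    return findings


if __name__ == "__main__":
    # Constructed inputs: default role was changed, one admin is not recognised.
    for kind, detail in audit_site(SAMPLE_USERS, "administrator",
                                   {"siteowner"}, "2019-03-01"):
        print(f"{kind}: {detail}")
```

An empty result means both checks from the paragraph above passed; any finding should be reviewed by hand before deleting an account.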

If you are using my Managed WordPress Hosting then this has all been done for you – you do not need to worry.