WordFence Discloses Severe Vulnerabilities Affecting NinjaForms WordPress Plugin

Feb 20, 2021 | Blog, Website Security, WordPress

On January 20, WordFence privately disclosed four serious security vulnerabilities to the developers of Ninja Forms, a popular WordPress plugin used by over 1 million websites. One of these vulnerabilities is rated a 9.9 on the Common Vulnerability Scoring System. A rating of 10 is the most severe score possible on this rating system.

Fortunately, Ninja Forms is maintained by a responsible, dedicated team, and patches for all four vulnerabilities were released by February 8. However, it is now up to WordPress website owners who use this plugin to make sure their websites are patched. 

In a blog post from several years ago, we described a couple of important things all website owners should do to keep their websites secure. One of those tips is to regularly keep CMS software updated.

How to Update Your WordPress Website – Including Plugins like Ninja Forms

WordPress makes software updates easy.  That said, we always recommend taking a full backup before making any changes – including installing any updates. Most of the time, the update will work fine. However, if something does break, you need to have the ability to quickly restore from a good backup.

Once you do have a good backup, the first thing you need to do is to head over to your administrator dashboard. In most cases, that will be at example.com/wp-admin (change example.com to your own URL, of course).

Once you’ve logged in, click on Updates in the left sidebar. From there, just click on the checkbox beside the plugins you want to update, then click the Update Plugins button. Or better yet, click the box beside Select All, to install all of the plugin updates at once!

Note that you’ll probably have to update the WordPress core software separately from your plugins. So make sure you do both from the same page.

We try to update our own customer websites on average between 4-6 times per year. That is a reasonable amount of time to go between updates, and we wouldn’t recommend waiting much longer than this to apply updates to your website. However, we do pay close attention to WordPress security vulnerabilities, and will apply critical updates as quickly as possible.

Need help with your WordPress website?
Barred Owl Web provides Managed WordPress web hosting services. We’ll keep your website updated, and we’ll fix it if it ever gets hacked. Head on over to our services page to find out more and get started.

Contact Us

P.O. Box 21514
Chattanooga, TN 37424