Subscribe to receive notifications of new posts:

Jetpack for WordPress: automatic protection

04/10/2014

2 min read

As we've said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent.

Jetpack

Jetpack is an extremely popular plugin to provide self-hosted blogs with all of the additional functionality that WordPress provide to sites hosted with their own hosted platform at WordPress.com.

Very recently, a serious security flaw in Jetpack was discovered. It has the potential to allow an attacker to complete actions on a blog without having to log in, such as posting. The WordPress team has written about the the problem here.

This problem was assigned the CVE number CVE-2014-0173 and is fixed in Jetpack 2.9.3 released today. Everyone using Jetpack on their WordPress site should update immediately.

Upgrade process

All CloudFlare customers who use WordPress are automatically protected against this bug. We rolled out a Web Application Firewall (WAF) rule that is automatically enabled for all customers (free or paid) to protect against this problem.

Jetpack 2.9.3

Customers using Jetpack should still upgrade immediately, but the WAF rule gives a little breathing space.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
WordPressSpeed & ReliabilityVulnerabilities

Follow on X

Cloudflare|@cloudflare

Related posts

September 29, 2023 1:00 PM

Cloudflare is free of CAPTCHAs; Turnstile is free for everyone

Now that we’ve eliminated CAPTCHAs at Cloudflare, we want to hasten the demise of CAPTCHAs across the internet. We’re thrilled to announce that Turnstile is generally available, and Turnstile’s ‘Managed’ mode is now completely free to everyone for unlimited use. ...