Earlier this month, WordPress.org released a security and maintenance update to the software that addresses a cross-site scripting (XSS) vulnerability present in previous versions. This vulnerability could compromise your site by allowing an attacker to inject malicious code into your site through user forms, and then use your site to pass on the malicious code to your end users. We recommend that you verify your site is running on WordPress 4.4.1, or upgrade to this version as soon as possible, to reduce risks and keep your site secure.
To verify what version of WordPress you are running, go to your Admin Dashboard —> Updates page. There, you will be able to see what version of WordPress you are running, and if you are not running 4.4.1, you should have an update notification on this page. If you need to update, we recommend running a one-off backup of your site before clicking “Update”. One plugin we’ve used and trust for these kinds of backups, is UpdraftPlus (review coming soon!). After backing up your site, you can come back to this page, click “Update”, and you’ll be all set.
If you find that you need help with your upgrade, run into any hiccups, or suspect your site may have undergone an XSS attack, please please contact our support staff and we’ll be happy to help!