An Important Jetpack Plugin Security Update
A high priority security update to the very popular Jetpack plugin has just been released by its developers.
Since a significant number of our customers use Jetpack on their installs, we decided to bring as much attention to this matter as possible. We suggest that you upgrade to the newest release immediately if you are currently running Jetpack.
If something is holding you or your client(s) on an older version of Jetpack, the WordPress security team has made updates to every affected release of the plugin. Check your current version number by logging into your WordPress dashboard and going to Plugins -> Installed Plugins. Then, grab and install the update from the following list that matches your major version number:
This security update fixes a vulnerability that could allow an attacker to bypass a site’s access controls and publish posts. This bug could also be combined with other attacks to escalate access.
More details on this release are available on the official Jetpack blog.
We have worked with the Jetpack developers to keep the vulnerability from affecting existing WP Engine installs by blocking attacks at the server level. With that being said, we strongly recommend you update Jetpack sooner rather than later.
Thanks for choosing WP Engine!
Update: The Jetpack team has stated that they will start disconnecting users who do not upgrade the plugin to a secure version sometime in the next few hours. If you wait too long to upgrade, your site(s) might lose some Jetpack functionality and require reauthentication before those features come back.
Join the conversation.
There are 3 comments
Tried to update the crap twice today already and it failed and locked up my site with a maintenance page until it timed out. Is it fixed? I will not try it again until it is. I don’t need jetpack that bad.
There appears to have been an issue with downloads from the WordPress.org plugin repository earlier today. It’s likely that was contributing to your upgrade woes.
If you continue to run into issues, please contact our support team and they’ll be happy to help you out!
It might have something to do with your file permissions—this article from our Support Garage might be able to help you. https://wpengine.com/support/file-permissions/
If that doesn’t work, or if you have any questions, please open a ticket or a live chat with our Support Team.