{"id":111121,"date":"2021-10-09T13:03:00","date_gmt":"2021-10-09T18:03:00","guid":{"rendered":"https:\/\/wpengine.com\/?p=111121"},"modified":"2025-05-14T13:32:47","modified_gmt":"2025-05-14T18:32:47","slug":"keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help","status":"publish","type":"post","link":"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/","title":{"rendered":"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help"},"content":{"rendered":"\n<p>A <a href=\"https:\/\/www.cisecurity.org\/advisory\/a-vulnerability-in-wordpress-file-manager-plugin-could-allow-for-remote-code-execution_2020-123\/\" target=\"_blank\" rel=\"noreferrer noopener\">recent zero-day vulnerability<\/a> that affected hundreds of thousands of WordPress sites offers some insight into why a growing number of businesses are looking to managed hosting for WordPress from companies like WP Engine for more than just fast-loading, highly-available websites.\u00a0\u00a0\u00a0\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What Went Wrong With File Manager Plugin 6.4?<\/strong><\/h2>\n\n\n\n<p>The critical vulnerability was introduced back in May 2020, in version 6.4 of the popular <a rel=\"noreferrer noopener\" href=\"https:\/\/wordpress.org\/plugins\/wp-file-manager\/\" target=\"_blank\">File Manager plugin<\/a>. The vulnerability was publicly disclosed a few months later, allowing unauthenticated users to access a file that was unintentionally included in the 6.4 release. Those users were then able to execute arbitrary commands to the library, which ultimately left hundreds of thousands of websites vulnerable to a complete takeover by a rogues&#8217; gallery of bad actors.&nbsp;<\/p>\n\n\n\n<p>With more than 600,000 active installations, File Manager is a popular alternative to the long-used File Transfer Protocol, and because the plugin was active on so many sites, the now-patched <a href=\"https:\/\/blog.sucuri.net\/2020\/09\/critical-vulnerability-file-manager-affecting-700k-wordpress-websites.html\" target=\"_blank\" rel=\"noreferrer noopener\">File Manager exploit<\/a> ended up setting off a global hacking spree that sent countless site owners, and security and IT professionals, scrambling for cover.<\/p>\n\n\n\n<p>While many sites were unfortunately breached, the exploit went more or less unnoticed by the majority of WP Engine customers, none of whom were affected by this critical vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Managed Hosts for WordPress Offer Protection<\/strong><\/h2>\n\n\n\n<p>Because every site on WP Engine\u2019s platform\u2014<a href=\"https:\/\/wpengine.com\/plans\/\" target=\"_blank\" rel=\"noreferrer noopener\">regardless of plan type<\/a>\u2014is protected by baseline security measures that automatically blocked this particular vulnerability from being exploited, our customers were able to continue operating their businesses without interruption.<\/p>\n\n\n\n<p>In addition to mitigating this and other security vulnerabilities with regular, managed updates for WordPress Core plus security patching, all WP Engine customers benefit from additional security features such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Traffic encryption through SFTP and SSL certificates with <a href=\"https:\/\/wpengine.com\/support\/add-ssl-site\/#Lets_Encrypt_SSL_Certificates\" target=\"_blank\" rel=\"noreferrer noopener\">Let\u2019s Encrypt<\/a>&nbsp;<\/li>\n\n\n\n<li>Access control with user management, Single Sign-On, and Multi-Factor Authentication&nbsp;&nbsp;<\/li>\n\n\n\n<li>Best practices provided by a dedicated security team focused on security engineering, governance, risk, and compliance&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Added Website Security with Global Edge Security<\/strong><\/h2>\n\n\n\n<p>For an added layer of protection, WP Engine also offers <a rel=\"noreferrer noopener\" href=\"https:\/\/wpengine.com\/global-edge-security\/\" target=\"_blank\">Global Edge Security,<\/a> an enterprise-grade solution designed specifically to secure WordPress sites, built together with internet performance and security leader <a rel=\"noreferrer noopener\" href=\"https:\/\/wpengine.com\/global-edge-security\/\" target=\"_blank\">Cloudflare<\/a>.&nbsp;<\/p>\n\n\n\n<p>Global Edge Security combines the intelligence and expertise WP Engine has gained from serving its global customers for more than a decade with Cloudflare\u2019s web application firewall (WAF), distributed denial of service (DDoS) protection, content delivery network (CDN), and its global edge network, which spans across more than 100 countries.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The WP Engine Security Standard<\/strong><\/h2>\n\n\n\n<p>WP Engine has also successfully completed a Service Organization Control (SOC 2\u00ae,) Type II examination for its customer environment and User Portal. The independent audit, conducted by <a href=\"https:\/\/www.armanino.com\/company\/mergers-acquisitions\/holtzman-partners-joins-armanino\/\">Holtzman Partners<\/a>, found that WP Engine meets the SOC 2 standards for Security and Availability Trust Services Categories.<\/p>\n\n\n\n<p>Developed by the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.aicpa.org\/interestareas\/frc\/assuranceadvisoryservices\/aicpasoc2report.html\" target=\"_blank\">American Institute of Certified Public Accountants (AICPA)<\/a>, SOC 2 requires companies to establish and adhere to strict information security policies and procedures, which can include the security, availability, confidentiality, processing integrity, and privacy of customer data. Independent audits against a common standard, such as SOC 2, ensure that WP Engine\u2019s customers know it meets this rigorous, independent standard to securely manage and protect their data. They also have assurances regarding the availability or uptime of WP Engine\u2019s platform.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Managed Hosting for WordPress and Website Security<\/strong><\/h2>\n\n\n\n<p>With all of these solutions in tow, businesses of all sizes, and agencies managing multiple websites, are increasingly leaning on WP Engine&#8217;s <a href=\"https:\/\/wpengine.com\/secure-wordpress-hosting\/\" target=\"_blank\" rel=\"noreferrer noopener\">secure WordPress hosting<\/a> platform for more than just uptime, speed, caching, and support.&nbsp;<\/p>\n\n\n\n<p>Website security is a major priority for <strong><em>every<\/em><\/strong> website\u2014not just those with critical data or compliance needs\u2014and leaning on a <a href=\"https:\/\/wpengine.com\/managed-wordpress-hosting\/\" target=\"_blank\" rel=\"noreferrer noopener\">managed host for WordPress<\/a> that can provide robust security solutions in addition to best-in-class hosting and support has become an increasingly attractive option for any business looking to ensure that every aspect of their digital presence is being taken care of.\u00a0<\/p>\n\n\n\n<p>As mentioned above, the protections provided by the WP Engine managed hosting platform for WordPress automatically blocked the File Manager vulnerability from being exploited, and those protections have helped block numerous other exploits over the years. That said, attackers are constantly looking for new ways to target websites, and as new vulnerabilities are inevitably uncovered, staying ahead of the curve requires a hands-on, active approach.\u00a0\u00a0\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>An Added Layer of Protection Against Plugin Vulnerabilities<\/strong><\/h2>\n\n\n\n<p>While many organizations have dedicated security teams in-house, keeping track of plugin updates and potential vulnerabilities may not be the best use of their time. For leaner teams that don\u2019t have the budget for in-house security support, keeping up with the constantly-evolving threat landscape is a losing proposition.&nbsp;<\/p>\n\n\n\n<p>In outsourcing much of your website maintenance to a managed provider like WP Engine, you not only benefit from websites that perform better, you gain a needed ear-to-the-ground when it comes to emerging security threats, keeping you well ahead of the next vulnerability.&nbsp;<\/p>\n\n\n\n<p><strong><em>Find out more about WP Engine&#8217;s <a href=\"https:\/\/wpengine.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">WordPress hosting<\/a> solution, or <\/em><\/strong><a href=\"https:\/\/wpengine.com\/#sales\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><em>talk to a specialist right now<\/em><\/strong><\/a><strong><em>.<\/em><\/strong>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recent zero-day vulnerability that affected hundreds of thousands of WordPress sites offers some insight into why a growing number of businesses are looking to managed hosting for WordPress from companies like WP Engine for more than just fast-loading, highly-available websites.\u00a0\u00a0\u00a0\u00a0\u00a0 What Went Wrong With File Manager Plugin 6.4? The critical vulnerability was introduced back<span class=\"tile__ellipses\">&hellip;<\/span><span class=\"tile__ellipses--animated\"><\/span><\/p>\n","protected":false},"author":200,"featured_media":111123,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[528,85],"tags":[],"class_list":["post-111121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-plugins","category-security-2"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help | WP Engine<\/title>\n<meta name=\"description\" content=\"Discover why keeping WordPress plugins updated is crucial for security and performance, and how a managed host for WordPress can assist you.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help | WP Engine\" \/>\n<meta property=\"og:description\" content=\"Discover why keeping WordPress plugins updated is crucial for security and performance, and how a managed host for WordPress can assist you.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/\" \/>\n<meta property=\"og:site_name\" content=\"WP Engine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/wpengine\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-09T18:03:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-14T18:32:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2020\/10\/FME_Hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Abe Selig\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wpengine\" \/>\n<meta name=\"twitter:site\" content=\"@wpengine\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abe Selig\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/\",\"url\":\"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/\",\"name\":\"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help | WP Engine\",\"isPartOf\":{\"@id\":\"https:\/\/wpengine.com\/resources\/#website\"},\"datePublished\":\"2021-10-09T18:03:00+00:00\",\"dateModified\":\"2025-05-14T18:32:47+00:00\",\"author\":{\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b732a884dbf4917dcd15ce2e9fbd3652\"},\"description\":\"Discover why keeping WordPress plugins updated is crucial for security and performance, and how a managed host for WordPress can assist you.\",\"breadcrumb\":{\"@id\":\"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wpengine.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wpengine.com\/resources\/#website\",\"url\":\"https:\/\/wpengine.com\/resources\/\",\"name\":\"WP Engine\",\"description\":\"Managed Hosting for WordPress\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wpengine.com\/resources\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b732a884dbf4917dcd15ce2e9fbd3652\",\"name\":\"Abe Selig\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6deb04da8be57a16bed1b5ad7722572beaa7ed7292795763c9324d46b0ad9454?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6deb04da8be57a16bed1b5ad7722572beaa7ed7292795763c9324d46b0ad9454?s=96&d=mm&r=g\",\"caption\":\"Abe Selig\"},\"description\":\"Abe Selig is a writer, amateur musician and accomplished inshore fisherman. He began his career as a journalist and now tells stories about technology and the ways it\u2019s helping businesses thrive. He is an Austin, TX native who has lived in New York City and traveled all around the world. You can reach him at abe.selig@wpengine.com.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help | WP Engine","description":"Discover why keeping WordPress plugins updated is crucial for security and performance, and how a managed host for WordPress can assist you.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help | WP Engine","og_description":"Discover why keeping WordPress plugins updated is crucial for security and performance, and how a managed host for WordPress can assist you.","og_url":"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/","og_site_name":"WP Engine","article_publisher":"https:\/\/www.facebook.com\/wpengine","article_published_time":"2021-10-09T18:03:00+00:00","article_modified_time":"2025-05-14T18:32:47+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2020\/10\/FME_Hero.jpg","type":"image\/jpeg"}],"author":"Abe Selig","twitter_card":"summary_large_image","twitter_creator":"@wpengine","twitter_site":"@wpengine","twitter_misc":{"Written by":"Abe Selig","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/","url":"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/","name":"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help | WP Engine","isPartOf":{"@id":"https:\/\/wpengine.com\/resources\/#website"},"datePublished":"2021-10-09T18:03:00+00:00","dateModified":"2025-05-14T18:32:47+00:00","author":{"@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b732a884dbf4917dcd15ce2e9fbd3652"},"description":"Discover why keeping WordPress plugins updated is crucial for security and performance, and how a managed host for WordPress can assist you.","breadcrumb":{"@id":"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/resources\/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/resources\/"},{"@type":"ListItem","position":2,"name":"Keeping Plugins Updated Is Important, a Managed Host for WordPress Can Help"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/resources\/#website","url":"https:\/\/wpengine.com\/resources\/","name":"WP Engine","description":"Managed Hosting for WordPress","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/resources\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b732a884dbf4917dcd15ce2e9fbd3652","name":"Abe Selig","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6deb04da8be57a16bed1b5ad7722572beaa7ed7292795763c9324d46b0ad9454?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6deb04da8be57a16bed1b5ad7722572beaa7ed7292795763c9324d46b0ad9454?s=96&d=mm&r=g","caption":"Abe Selig"},"description":"Abe Selig is a writer, amateur musician and accomplished inshore fisherman. He began his career as a journalist and now tells stories about technology and the ways it\u2019s helping businesses thrive. He is an Austin, TX native who has lived in New York City and traveled all around the world. You can reach him at abe.selig@wpengine.com."}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts\/111121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/users\/200"}],"replies":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/comments?post=111121"}],"version-history":[{"count":0,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts\/111121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/media\/111123"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/media?parent=111121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/categories?post=111121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/tags?post=111121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}