Automattic, publishers of the WooCommerce plugin, announced the discovery and patch of a critical vulnerability in the WooCommerce Payments plugin.

The vulnerability allows an attacker to gain Administrator level credentials and perform a full site-takeover.

Administrator is the highest permission user role in WordPress, granting full access to a WordPress site with the ability to create more admin-level accounts as well as the ability to delete the entire website.

What makes this particular vulnerability of great concern is that it’s available to unauthenticated attackers, which means that they don’t first have to acquire another permission in order to manipulate the site and obtain admin-level user role.

WordPress security plugin maker Wordfence described this vulnerability:

“After reviewing the update we determined that it removed vulnerable code that could allow an unauthenticated attacker to impersonate an administrator and completely take over a website without any user interaction or social engineering required.”

The Sucuri Website security platform published a warning about the vulnerability that goes into further details.

Sucuri explains that the vulnerability appears to be in the following file:

/wp-content/plugins/woocommerce-payments/includes/platform-checkout/class-platform-checkout-session.php

They also explained that the “fix” implemented by Automattic is to remove the file.

Sucuri observes:

“According to the plugin change history it appears that the file and its functionality was simply removed altogether…”

The WooCommerce website published an advisory that explains why they chose to completely remove the affected file:

“Because this vulnerability also had the potential to impact WooPay, a new payment checkout service in beta testing, we have temporarily disabled the beta program.”

The WooCommerce Payment Plugin vulnerability was discovered on March 22, 2023 by a third party security researcher who notified Automattic.

Automattic swiftly issued a patch.

Details of the vulnerability will be released on April 6, 2023.

That means any site that has not updated this plugin will become vulnerable.

What Version of WooCommerce Payments Plugin is Vulnerable

WooCommerce updated the plugin to version 5.6.2. This is considered the most up to date and non-vulnerable version of the website.

Automattic has pushed a forced update however it’s possible that some sites may not have received it.

It is recommended that all users of the affected plugin check that their installations are updated to version WooCommerce Payments Plugin 5.6.2

Once the vulnerability is patched, WooCommerce recommends taking the following actions:

“Once you’re running a secure version, we recommend checking for any unexpected admin users or posts on your site. If you find any evidence of unexpected activity, we suggest:

Updating the passwords for any Admin users on your site, especially if they reuse the same passwords on multiple websites.

Rotating any Payment Gateway and WooCommerce API keys used on your site. Here’s how to update your WooCommerce API keys. For resetting other keys, please consult the documentation for those specific plugins or services.”

Read the WooCommerce vulnerability explainer:

Critical Vulnerability Patched in WooCommerce Payments – What You Need to Know

Today’s Ask An SEO question comes from Neethu, who asks:

My website is almost 20 years old. There are lots of content. Many of them are not performing well. How do you effectively clean up those content without effecting rankings?

Contrary to what some SEO pros tell you, more content is not always better.

Deciding what content to keep, which content to modify, and which content to throw away is an important consideration, as content is the backbone of any website and is essential for driving traffic, engagement, and conversions.

However, not all content is created equal, and outdated, irrelevant, or underperforming content can hinder a website’s success.

Run A Content Audit

To effectively clean up your website’s content, the first step is to conduct a content audit.

This involves analyzing your site’s content and assessing its performance, relevance, and quality.

You can use various metrics such as traffic, bounce rate, and engagement to identify which pages are performing well and which ones are not.

Once you have identified the pages that are not performing well, it’s important to prioritize them based on their importance to your website.

Pages that are not driving traffic or conversions may need to be prioritized over pages that are not performing well but are still important for your site’s overall goals.

Distinguish Evergreen Vs. Time-Sensitive Content

Additionally, it’s important to consider whether a page is evergreen or time-sensitive.

You can update or repurpose evergreen content over time, while you may need to remove time-sensitive content.

After prioritizing your content, you can decide what action to take with each page.

For pages that are still relevant but not performing well, you may be able to update them with fresh information to improve their performance.

For pages that are outdated or no longer relevant, it may be best to remove them altogether.

When removing content, implement 301 redirects to relevant pages to ensure that any backlinks pointing to the old page are not lost.

Monitor Your Stuff

It’s important to monitor your search engine rankings after cleaning up your content to ensure your changes do not negatively impact your SEO.

But don’t just look at rankings.

Content optimization projects can affect traffic, conversions, navigation, and other items that impact your overall search engine optimization efforts.

Watch Google Analytics closely. If there are traffic declines, you may need to re-evaluate a few changes.

It’s important not to have a knee-jerk reaction, however.

Before you throw out your optimization efforts, be sure that the changes you made are actually what is causing a drop – and make sure those changes are stable within the search engines index.

Remember that it may take some time for your rankings to stabilize after a content cleanup, so it’s important to be patient and monitor your website’s performance over time.

To further optimize your content cleanup, consider using Google Search Console to identify pages with high impressions but low click-through rates.

These pages may benefit from content updates or optimization to improve their performance.

Additionally, consolidating pages that cover similar topics into one comprehensive page can improve user experience and help avoid keyword cannibalization.

Sammanfattningsvis

Cleaning up your website’s content is crucial for maintaining a high-quality site.

By conducting a content audit, prioritizing your content, and deciding whether to keep, update, or remove the content, you can effectively clean up your site without negatively impacting your rankings.

Remember to monitor your rankings and be patient as your site adjust.

Fler resurser: 

Featured Image: Song_about_summer/Shutterstock

Wondering what improvements can you make to boost organic search results and increase ROI?

If you want to be successful in SEO, even after large Google algorithm updates, be sure to:

1. Keep the SEO fundamentals at the forefront of your strategy.
2. Prioritize your SEO efforts for the most rewarding outcomes.
3. Focus on uncovering and prioritizing commercial opportunities if you’re in ecommerce.
4. Dive into seasonal trends and how to plan for them.
5. Get tip 5 and all of the step-by-step how-tos by joining our upcoming webinar.

We’ll share five actionable ways you can discover the most impactful opportunities for your business and achieve maximum ROI.

You’ll learn how to:

• Identify seasonal trends and plan for them.
• Report on and optimize your online share of voice.
• Maximize SERP feature opportunities, most notably Popular Products.

Join Jon Earnshaw, Chief Product Evangelist and Co-Founder of Pi Datametrics, and Sophie Moule, Head of Product and Marketing at Pi Datametrics, as they walk you through ways to drastically improve the ROI of your SEO strategy.

In this live session, we’ll uncover innovative ways you can step up your search strategy and outperform your competitors.

Ready to start maximizing your results and growing your business?

Anmäl dig nu and get the actionable insights you need for SEO success.

Can’t attend the live webinar? We’ve got you covered. Register anyway and you’ll get access to a recording, after the event.