Today, CIO.com and countless other web sites reported on the recently discovered vulnerabilities in WordPress 4.7.1 that allowed hackers to deface millions of pages through the REST API that is included in WordPress. If you aren’t aware, you absolutely need to update your WordPress sites to 4.7.2 if you haven’t already.
In addition to keeping your WordPress patches and plug-in patches current, you really should install a solution such as WordFence as an added layer of security. Be sure to also sign up for their newsletter to stay on top of the latest security news.
In addition to the many WordPress newsletters you could subscribe to, be sure to also set up some Google email alerts on search terms related to WordPress security. Also, I have made Bing my home page and added WordPress as one of my topics of interest so the latest headlines display each time I open my browser.
Which brings me to my final point: spend some time following one of the many quality checklists on the web related to hardening (that is, to make more secure) your WordPress site. One such article appeared on my Bing home page this morning: https://www.thesaleslion.com/a-beginners-guide-to-wordpress-security/.
I’ll link to others in the future, as well as some tools that help you check for vulnerabilities on your site — so you can find them before the bad guys do. Until then, get your sites updated to the latest release, and protect yourself with WordFence.