Overview

Polyfill is a legitimate JavaScript library that gives older web browsers access to newer JavaScript features.

polyfill[.]io was a provider that served the code through a CDN for over a decade, and the domain was recently sold to a new owner. This new owner has been injecting malicious code into the original JavaScript, meaning every site loading the library directly from the .io URL (as well as a few others) may be redirecting customers to malicious sites.

The original author of the polyfill code has said to remove it immediately. It’s only required for compatibility with really old browsers and is therefore likely no longer needed.

If your site has been flagged, it’s likely that it’s not being kept up-to-date and could contain other security risks as well.

What do I need to do?

In most instances, having this file on your website is a sign that your website is out-of-date and that updates aren’t being applied. Like software installed on your PC, your website requires updates in order to stay secure as well as performant. To fix this, you’ll need to:

  1. Ensure all plugins, themes and/or extensions for your website have been updated (some paid versions may require a license).
  2. If it’s a custom theme or website, contact your developer to complete the changes.
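
To find where the reference lives before and after updating, a scan of the site's files can list every line that loads from the flagged domain. This is an added example, not Conetix's own tooling; the file suffix list and the directory you pass in are assumptions, and the domain tuple holds only the domain named on this page.

```python
import re
import sys
from pathlib import Path

# Domain named on this page; add any others you have been told about.
FLAGGED_DOMAINS = ("polyfill.io",)
# File types that commonly carry script tags or enqueue calls (assumption).
SCAN_SUFFIXES = {".html", ".htm", ".php", ".js", ".twig", ".tpl"}

# A URL host: optional scheme, then "//", then the hostname characters.
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.IGNORECASE)


def flagged_hosts(text, domains=FLAGGED_DOMAINS):
    """Return hosts in text that equal a flagged domain or are a subdomain of it."""
    hits = []
    for host in HOST_RE.findall(text):
        host = host.lower().rstrip(".")
        # Exact or dot-bounded suffix match, so lookalike names are not reported.
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append(host)
    return hits


def scan_tree(root, domains=FLAGGED_DOMAINS):
    """Walk root and return (path, line number, host) for each flagged reference."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for host in flagged_hosts(line, domains):
                findings.append((str(path), lineno, host))
    return findings


if __name__ == "__main__":
    # Usage: python scan.py /path/to/site (defaults to the current directory).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, lineno, host in scan_tree(root):
        print(f"{path}:{lineno}: loads from {host}")
```

A hit inside a plugin or theme directory tells you which component still needs updating or replacing; an empty result after the updates confirms the reference is gone from the files on disk.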

Conetix can provide these updates as a service using our Managed WordPress plan, where we take care of the updates for you.
