Articles about wordpress

Carphone Warehouse cops £400k fine after hack exposed 3 MEEELLION folks’ data

Carphone Warehouse has been handed one of the largest ever fines – a whopping £400,000 – from the UK’s data protection watchdog after exposing the details of millions of its customers. An investigation by the Information Commissioner’s Office found a “striking” number of “distinct and significant inadequacies” in the phone …
Rebecca Hill, 10 Jan 2018

WordPress 4.9: This one's for you, developers!

WordPress 4.9 has debuted, and this time the world's most popular content management system has given developers plenty to like. Some of the changes are arguably overdue: syntax highlighting and error checking for CSS editing and cutting custom HTML are neither scarce nor innovative. Their arrival will likely be …
Simon Sharwood, 17 Nov 2017

If your websites use WordPress, put down that coffee and upgrade to 4.8.3. Thank us later

Updated WordPress has a security patch out for a programming blunder that you should apply ASAP. The fix addresses a flaw that can be potentially exploited by hackers to hijack and take over WordPress-powered websites, by injecting malicious SQL database commands. The core installation of WordPress is not directly affected, we're …
Iain Thomson, 31 Oct 2017

Patch your WordPress plugins: Scum are right now hijacking blogs

The plugin gurus at WordFence have this week found three critical security holes in third-party WordPress extensions that are being actively exploited by hackers to take over websites. The team was investigating a number of hacking attacks that looked unusual and back-traced the intrusions to a PHP object injection …
Iain Thomson, 3 Oct 2017

WordPress has adverse reaction to Facebook's React.js licence

Automattic, the company behind hosting service WordPress.com, has decided to stop using Facebook's React.js library, citing legal concerns. WordPress' founding developer Matt Mullenweg – who also founded WordPress.com – explains the decision by noting that Automattic has used React since 2015, when it put the code to work in …
Simon Sharwood, 18 Sep 2017

Interpol unplugs nearly 9,000 Asian command and control networks

An Interpol investigation has revealed a worrying degree of insecurity in south-east Asian countries, with even government-operated web servers infected to operate as command and control systems for bot-herders. The investigation turned up and shut down 9,000 C&C servers across “hundreds” of compromised Websites in Indonesia, …

Fixing your oven can cook your computer

Updated If your Hotpoint cooker or washer's on the blink, don't arrange a repair by visiting the manufacturer's website: the appliance vendor has been inadvertently foisting nastyware onto visitors. As spotted by Netcraft, fake Java update dialogs started appearing on Hotpoint's UK and Republic of Ireland sites this week. If you click …
Simon Sharwood, 19 Apr 2017

Put down the coffee, stop slacking your app chaps or whatever – and patch Wordpress

Internet scribblers who use WordPress must update their installation of the publishing tool following the disclosure and patching of six security holes. Version 4.7.3 of the content management system includes fixes for the half dozen flaws that could allow for, among other things, cross-site scripting and request forgery …
Shaun Nichols, 7 Mar 2017

WordPress photo plugin opens 'a million sites' to SQLi database feasting

A critical flaw has been found in the third-party WordPress NextGEN Gallery plugin that is, according to wordpress.org, actively used by more than a million websites. If you're using this plugin, patch now to version 2.1.79 or greater. If you're a cyber-scamp, well, here's a surefire way to compromise a lot of tardy sites. The …
Iain Thomson, 1 Mar 2017

DomainMonster mash: Hundreds of websites vandalized after Brit web host server hacked

Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster. The index.php pages on the attacked sites were rapidly vandalized by miscreants late on Tuesday, with 612 domains and sub-domains overwritten within seconds of each other. Among the websites hit include …
Shaun Nichols, 22 Feb 2017

WordPress fixed god-mode zero day without disclosing the problem

Last week's WordPress patch run fixed a then-secret zero day bug that let remote unauthorised hackers edit or delete WordPress pages. The remote privilege escalation and content injection hole hits WordPress versions 4.7 and 4.7.1 and allows all pages on unpatched sites to be modified, redirecting visitors to exploits and a …
Darren Pauli, 2 Feb 2017

WordPress slips out three quick patches

WordPress has fixed three flaws in its content management system, shuttering cross-site scripting and SQL injection bugs three weeks after its last update. The world's most popular content management system, used by some 74.7 million web sites, was open to a SQL injection flaw in WP_Query class that handles database and post …
Team Register, 29 Jan 2017

WordPress plugs eight holes in latest release

WordPress has patched a series of vulnerabilities in its content management system, shuttering bugs affecting more than 10 million users. The release of version 4.7.1 closes eight vulnerabilities including cross-site scripting, cross-site request forgery, and other remotely-accessible attack vectors. "This is a security release …
Team Register, 13 Jan 2017

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

Up to a quarter of all websites on the internet could have been attacked through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code execution flaw was found in a PHP webhook within api.wordpress.org that allows developers to supply a hashing algorithm of …
Darren Pauli, 23 Nov 2016

WordPress daddy Matt Mullenweg says Wix.com 'explicitly contravenes the GPL'

WordPress daddy Matt Mullenweg says the editor offered by drag-and-drop website-builder Wix.com “explicitly contravenes the GPL” (GNU General Public License) and “is built with stolen code, so your whole app is now in violation of the license.” Mullenweg made that accusation, and plenty more, in a post that accuses Wix of …
Simon Sharwood, 31 Oct 2016

Safe browsing checks fail as 16,000 WordPress sites hacked this year

At least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid. The world's most popular content management system represented the lion's share of some 21,821 sites studied in the second 2016 Sucuri report on …
Darren Pauli, 23 Sep 2016

TechCrunch defaced by self-professed 'white hat' hackers

Startup tech news blogger TechCrunch appears to have suffered a security breach by online graffiti vandals. The site, which at the time of writing blogs about Google, AOL and various startups nobody's ever heard of before or since, appears to have had one of its bloggers' login credentials compromised. You got pwned Devin …
Gareth Corfield, 26 Jul 2016

WordPress admin? Thinking of spending time with the family? Think again

The Dutch hacking community's Summer of Pwnage (SoP) has disclosed three vulnerabilities in WordPress plugins, including an XSS in the popular Ninja Forms. Since Ninja Forms claims more than 600,000 users, we'll start there: the now-fixed reflected XSS bug allows attackers to inject malicious JavaScript into the victim's …


Biting the hand that feeds IT © 1998–2018