Articles about wordpress

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then

Website admins are urged to update their WordPress installations as soon as possible to the latest version following a rash of attacks exploiting known vulnerabilities in the web publishing software. Researchers at Malwarebytes say miscreants don't appear to be targeting any one specific bug, but rather a full array of flaws …
Shaun Nichols, 21 Sep 2018

So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks

Bsides Manchester A newly discovered WordPress flaw has left installs of the ubiquitous content management system potentially vulnerable to hacking. A security shortcoming within WordPress's PHP framework can be leveraged by logged-in non-admin users to run arbitrary malicious code and commands on the host servers, infosec consultancy Secarma …
John Leyden, 20 Aug 2018

How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign

Security researchers at Check Point have lifted the lid on the infrastructure and methods of an enormous "malvertising" and banking trojan campaign. The operation delivered malicious adverts to millions worldwide, slinging all manner of nasties including crypto-miners, ransomware and banking trojans. The researchers told The …
John Leyden, 30 Jul 2018

WordPress is now 30 per cent of the web, daylight second

The web-watchers at W3Techs have just noted a milestone: WordPress now accounts for 30 per cent of the world's websites. W3Techs crawls the top 10 million websites as determined by Amazon's Alexa rating service and peers into their innards to figure out what they're running, and sells detailed reports on its findings. It also …

Carphone Warehouse cops £400k fine after hack exposed 3 MEEELLION folks’ data

Carphone Warehouse has been handed one of the largest ever fines – a whopping £400,000 – from the UK’s data protection watchdog after exposing the details of millions of its customers. An investigation by the Information Commissioner’s Office found a “striking” number of “distinct and significant inadequacies” in the phone …
Rebecca Hill, 10 Jan 2018

WordPress 4.9: This one's for you, developers!

WordPress 4.9 has debuted, and this time the world's most popular content management system has given developers plenty to like. Some of the changes are arguably overdue: syntax highlighting and error checking for CSS editing and cutting custom HTML are neither scarce nor innovative. Their welcomed arrival will likely be …
Simon Sharwood, 17 Nov 2017

If your websites use WordPress, put down that coffee and upgrade to 4.8.3. Thank us later

Updated WordPress has a security patch out for a programming blunder that you should apply ASAP. The fix addresses a flaw that can be potentially exploited by hackers to hijack and take over WordPress-powered websites, by injecting malicious SQL database commands. The core installation of WordPress is not directly affected, we're …
Iain Thomson, 31 Oct 2017

Patch your WordPress plugins: Scum are right now hijacking blogs

The plugin gurus at WordFence have this week found three critical security holes in third-party WordPress extensions that are being actively exploited by hackers to take over websites. The team was investigating a number of hacking attacks that looked unusual and back-traced the intrusions to a PHP object injection …
Iain Thomson, 3 Oct 2017

WordPress has adverse reaction to Facebook's React.js licence

Automattic, the company behind hosting service WordPress.com, has decided to stop using Facebook's React.js library, citing legal concerns. WordPress' founding developer Matt Mullenweg – who also founded WordPress.com – explains the decision by noting that Automattic has used React since 2015, when it put the code to work in …
Simon Sharwood, 18 Sep 2017

Interpol unplugs nearly 9,000 Asian command and control networks

An Interpol investigation has revealed a worrying degree of insecurity in south-east Asian countries, with even government-operated web servers infected to operate as command and control systems for bot-herders. The investigation turned up and shut down 9,000 C&C servers across “hundreds” of compromised Websites in Indonesia, …

Fixing your oven can cook your computer

Updated If your Hotpoint cooker or washer's on the blink, don't arrange a repair by visiting the manufacturer's website: the appliance vendor has been inadvertently foisting nastyware onto visitors. As spotted by Netcraft, fake Java update dialogs started appearing on Hotpoint's UK and Republic of Ireland sites this week. If you click …
Simon Sharwood, 19 Apr 2017

Put down the coffee, stop slacking your app chaps or whatever – and patch WordPress

Internet scribblers who use WordPress must update their installation of the publishing tool following the disclosure and patching of six security holes. Version 4.7.3 of the content management system includes fixes for the half dozen flaws that could allow for, among other things, cross-site scripting and request forgery …
Shaun Nichols, 7 Mar 2017

WordPress photo plugin opens 'a million sites' to SQLi database feasting

A critical flaw has been found in the third-party WordPress NextGEN Gallery plugin that is, according to wordpress.org, actively used by more than a million websites. If you're using this plugin, patch now to version 2.1.79 or greater. If you're a cyber-scamp, well, here's a surefire way to compromise a lot of tardy sites. The …
Iain Thomson, 1 Mar 2017

DomainMonster mash: Hundreds of websites vandalized after Brit web host server hacked

Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster. The index.php pages on the attacked sites were rapidly vandalized by miscreants late on Tuesday, with 612 domains and sub-domains overwritten within seconds of each other. Among the websites hit include …
Shaun Nichols, 22 Feb 2017

WordPress fixed god-mode zero day without disclosing the problem

Last week's WordPress patch run fixed a then-secret zero day bug that let remote unauthorised hackers edit or delete WordPress pages. The remote privilege escalation and content injection hole hits WordPress versions 4.7 and 4.7.1 and allows all pages on unpatched sites to be modified, redirecting visitors to exploits and a …
Darren Pauli, 2 Feb 2017

WordPress slips out three quick patches

WordPress has fixed three flaws in its content management system, shuttering cross-site scripting and SQL injection bugs three weeks after its last update. The world's most popular content management system, used by some 74.7 million web sites, was open to a SQL injection flaw in WP_Query class that handles database and post …
Team Register, 29 Jan 2017

WordPress plugs eight holes in latest release

WordPress has patched a series of vulnerabilities in its content management system, shuttering bugs affecting more than 10 million users. The release of version 4.7.1 closes eight vulnerabilities including cross-site scripting, cross-site request forgery, and other remotely-accessible attack vectors. "This is a security release …
Team Register, 13 Jan 2017

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

Up to a quarter of all websites on the internet could have been attacked through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of …
Darren Pauli, 23 Nov 2016


Biting the hand that feeds IT © 1998–2018