Latest WordPress news

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor.
- Catalin Cimpanu
- February 13, 2017
- 07:00 AM
- 0
Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages

Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.
- Catalin Cimpanu
- February 09, 2017
- 06:37 PM
- 0
Google Makes WordPress Site Owners Nervous Due to Confusing Security Alerts

For the past few days, Google has been making a lot of webmasters very nervous, as its Google Search Console service, formerly known as Google Webmaster, has been sending out security alerts to people it shouldn't.
- Catalin Cimpanu
- February 09, 2017
- 05:06 PM
- 2
Over 67,000 Websites Defaced via Recently Patched WordPress Bug

WordPress sites that haven't been updated to the most recent version, v4.7.2, released last week, are under attack as four hacking groups are conducting mass defacement campaigns.
- Catalin Cimpanu
- February 07, 2017
- 05:35 AM
- 1
WordPress Team Fixed a Zero-Day Behind Everyone's Back and Told No One

The WordPress security team revealed yesterday they've secretly fixed a zero-day vulnerability in the WordPress CMS, which wasn't initially included in the official announcement.
- Catalin Cimpanu
- February 02, 2017
- 04:32 AM
- 1
2016's Most Popular Web Technologies

The world of web technology changes at a rapid pace. New projects appear daily, and old tools retire to make room for new arrivals. During 2016, the web technology landscape has changed dramatically, with the arrival of AngularJS 2.0, the proliferation of React.js and maturation of several open-source CMS projects.
- Catalin Cimpanu
- January 08, 2017
- 08:20 AM
- 1
Hotbed of Cybercrime Activity Tracked Down to ISP in Ukrainian Region Under Russian Control

More details have surfaced regarding a recent wave of brute-force attacks (dictionary attacks to be more accurate) that have targeted WordPress sites over the past few weeks.
- Catalin Cimpanu
- December 21, 2016
- 05:26 PM
- 0
Ukrainian ISP Behind Over 1.65Mil Daily Brute-Force Attacks on WordPress Sites

Over the past three weeks, the number of brute-force attacks against WordPress sites has almost doubled, according to WordPress security firm WordFence.
- Catalin Cimpanu
- December 19, 2016
- 06:57 AM
- 4
Upcoming WordPress Features Will Require Hosts to Support HTTPS

WordPress creator and Automattic founder Matt Mullenweg announced today that upcoming versions of the WordPress CMS would include features that would require hosts to support HTTPS.
- Catalin Cimpanu
- December 02, 2016
- 10:40 AM
- 0
WordPress Fixes Auto-Update and API Servers Security Flaws

The WordPress team has addressed a security flaw in the API servers responsible for the CMS' update mechanism, which if exploited, would have allowed an attacker to deploy backdoors and malware to 27% of all websites on the Internet.
- Catalin Cimpanu
- November 23, 2016
- 11:53 AM
- 0
WordPress Update Process Puts a Quarter of All Sites on the Internet at Risk

Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, is warning about a series of security issues that affect the update mechanism used by the WordPress CMS.
- Catalin Cimpanu
- November 22, 2016
- 07:12 AM
- 0
WordPress and Joomla Sites Fuel Resurrected SpamTorte Botnet

Crooks are using hacked WordPress and Joomla sites to send massive amounts of spam using a complex botnet structure spread across seven different server layers.
- Catalin Cimpanu
- November 10, 2016
- 07:25 PM
- 0