Wordpress

tripwire.com

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Angry ex-employee blamed for hack of WordPress plugin developer, and email to customers warning of security hole

Users of the popular WordPress translation plugin WPML (also known as WordPress MultiLingual) received an email from a hacker claiming to expose serious security vulnerabilities in the software that allegedly put the customers’ own websites at risk.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Thousands of compromised websites spreading malware via fake updates

Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates.

Read more in my article on the Tripwire State of Security blog.


0 sec read

WordPress update stopped WordPress automatic updates from working. So update now

Automatic updates are a great thing. Just so long as they actually automatically update.


1 min read

bitdefender.com

Keylogger found on thousands of WordPress-based sites, stealing every keypress as you type

While the website’s front-end is digging for cryptocurrencies, the back-end is secretly hosting a keylogger designed to steal unsuspecting users’ login credentials.

Read more in my article on the Hot for Security blog.


0 sec read

welivesecurity.com

All websites running WordPress urged to update NOW

Millions of websites running WordPress are being strongly urged to update to the latest version of the popular content management system as soon as possible, after a serious security vulnerability was uncovered.

Read more in my article on the We Live Security blog.


0 sec read

‘Critical’ zero-day bug found in three popular WordPress plugins

Outdated versions of three popular WordPress plugins suffer from a “critical” zero-day vulnerability that enables an attacker to take over a website.

David Bisson reports.


1 min read

tripwire.com

Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

Hacked home routers are trying to brute force their way into WordPress websites

Malicious hackers are seizing control of poorly-protected home routers, and commanding them to launch attacks designed to brute force their way into WordPress websites.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Malicious torrent file conducts distributed WordPress password attack

The Sathurbot backdoor trojan uses the lure of torrents to deliver a distributed brute-force attack against websites with weak WordPress administrator passwords.

David Bisson reports.


1 min read

welivesecurity.com

WordPress webmasters urged to upgrade to version 4.73 to patch six security holes

Another day, another important security update for WordPress.

If your running a self-hosted version of WordPress, you must update the software on your website now.

Read more in my article on the We Live Security blog.


0 sec read

tripwire.com

Over a million websites could be at risk from critical WordPress gallery plugin flaw

Many WordPress-powered websites use dozens of plugins from third parties, meaning it is just as important to keep them updated, and protected against security vulnerabilities as other software on your computers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

welivesecurity.com

100,000+ WordPress webpages defaced as recently patched vulnerability is exploited

Keep your WordPress site updated, or risk having hackers modify the content of any post or webpage.

Read more in my article on the We Live Security blog.


0 sec read

tripwire.com

Ignorance is bliss? An enormous WordPress zero-day has been secretly fixed

A severe zero-day vulnerability has been fixed in WordPress, which – if left unpatched – could allow a malicious attacker to modify the content of any post or page on a WordPress site.

Read more in my article on the Tripwire State of Security blog.


0 sec read

WordPress bloggers ‘strongly encouraged’ to immediately apply security update

With the huge number of sites running WordPress, and the frequency with which attackers exploit vulnerabilities on the platform to launch malicious attacks, it makes sense for self-hosting bloggers to update their systems as soon as possible.


1 min read