WordPress News, Articles and Updates

Pair of WordPress plug-ins inject malicious scripts to deliver unwanted ads

Two malicious plug-ins were recently discovered injecting obfuscated JavaScript into WordPress websites to generate advertisements that appear if a visitor clicks anywhere on the page.

Serious DoS flaw spotted in WordPress platform - affects most versions

Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.

Thousands of WP sites hosting combined keylogger/in-browser crypto miner

Thousands of WordPress websites have been infected with particularly nasty malware, according to researchers.

Hackers target WordPress websites with cryptomining campaign

Hackers have deployed brute force attacks on WordPress websites in order to turn them into cryptocurrency miners. Single botnet thought to be behind massive attack that yielded almost £750,000 for criminals.

Attackers exploit old WordPress to inject code enabling site redirection

Attackers exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.

Hackers scanning for unsecured SSH private keys on WordPress sites

Lack of key security gives criminals the keys to the kingdom, as they scan 25,000 systems per day to find unsecured SSH private keys.

Critical zero-days found in three popular WordPress plugins

Critical zero-day vulnerabilities in three popular WordPress plug-ins could allow attackers to completely take over a vulnerable site.

WordPress patches nine security vulnerabilities

WordPress.org released version 4.8.2 of its content management system that fixes nine security issues, five of which involve cross-site scripting (XSS) vulnerabilities.

Ransomware actors turn attention to holding websites hostage

Ransomware actors are looking for new targets. According to security vendor Wordfence, that target appears to be WordPress-powered websites.

WordPress hit with torrent attacks and malicious JavaScript

Dubbed Sathurbot, the Trojan is disguised in a software torrent containing an apparent installer executable and a small text file.

WordPress pages defaced following patched bug disclosure

More than 100,000 WordPress web pages have been defaced, following last week's public disclosure of a patched vulnerability that allows attackers to remotely modify the content of pages and posts.

Developer raises concerns about MD5 hashing algorithm in WordPress

As WordPress plugin developer Wordfence raises concerns about security, Davey Winder asks if there isn't a bigger problem with the continued use of MD5 hashing.

WordPress plugin update leads to thousands of sites exposing users to adware

Paul Bischoff, security and privacy advocate for Comparitech.com, is warning website owners who use the Simple Share Buttons plugin for WordPress that clicking to "accept" the terms and conditions of the latest update could allow their websites to subject users to threats.

WordPress update fixes XSS issues

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

WordPress Summer of Pwnage: 64 holes in 21 days

As the Pwnage summer heat rages on, hackers find 64 holes in popular publishing platform, WordPress.

Attackers inject code into WordPress header file to redirect users

Researchers are warning WordPress website administrators of a malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect visitors to malicious domains.

WordPress sets up default HTTPS encryption for custom domains

WordPress has turned on HTTPS encryption for every custom domain hosted on WordPress.com. The publishing platform started working with the certificate authority Let's Encrypt to launch a beta rollout of HTTPS earlier this year.

Joomla targeted in WordPress campaign that delivers TeslaCrypt

The cyber gang behind the ongoing WordPress malvertising campaign is now targeting Joomla sites.

ICYMI: £4bn for NHS, Avast ye flaw, phishing in the Amazon, Word up, IP theft

In this week's In Case You Missed It, we recap the most popular stories of the week including NHS digital transformation cash, serious flaw found in Avast secure browser, fake survey is hooking Amazon users, more WordPress malware and businesses suffering theft of intellectual property.

Clean house to keep WordPress infection from coming back again and again

Malware keeps re-infecting sites and installing multiple backdoors in WordPress websites, according to a researcher from Sucuri Security.

New vulnerability found in WordPress XML-RPC infrastructure

A report has surfaced on the GitHub code repository showing a rough Proof of Concept of a brute-force attack currently possible on popular blogging platform WordPress.

Ransomware risk from over 140 million websites, researcher warns

Researcher notes big increase in malicious scripts injected into legitimate websites using Neutrino exploit.

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

Neutrino Exploit Kit has been observed targeting CVE-2015-5119, an Adobe Flash Player zero-day vulnerability.

WordPress 4.2.3 released, addresses critical XSS vulnerability

WordPress 4.2.3 was made available on Thursday - the update comes with fixes for a number of bugs, including a potentially dangerous cross-site scripting (XSS) vulnerability.

ICYMI: WordPress XSS flaw, costly breaches & the return of Snooper's Charter

The latest ICYMI column looks at the latest WordPress XSS flaw, costly data breaches and the return of the controversial "Snooper's Charter".

Glasgow choir and Winchester music festival hit by 'unique' cyber-attack

The Glasgow Contemporary Choir and the Blissfields music festival near Winchester are among the innocent victims of what's being described as a 'unique' attack on WordPress-powered websites.

WordPress XSS flaw an example of growing sophistication

A flaw has been found in the genericons WordPress package that creates vulnerabilities in any plug-in or theme which uses it.