News

WordPress hardened with XSS, DoS and SSRF fixes

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers “strongly encourage” all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, […]

WordPress 3.4 update closes important security hole

The WordPress developers have released version 3.4.1 of their popular open source publishing platform, fixing a number of bugs and closing security holes, one of which is rated as important. WordPress 3.4, which has already been downloaded 3 million times since being released two weeks ago, contains an important privilege escalation flaw that accidentally allowed […]

WordPress fixes file upload security problems

The H-Security: The developers of the popular open source blog engine WordPress have released a security update for the software. WordPress 3.3.2 fixes unspecified bugs in three external file upload libraries used in the software and other security problems with the application. The bugs affect both WordPress’s current file uploading library Plupload as well as […]

WordPress.com suffers hacker attack – how to change your password

Sophos Labs: Millions of blog owners around the world are being advised to consider their password security, after WordPress.com was hacked. To its credit, Automattic – the company behind the WordPress.com blogging platform – didn’t mince its words or try to apply any spin to the incident, explaining it had suffered a “low-level (root) break-in to […]

Follow up: Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed

Follow up from: Hacker Gains Access To WordPress.com Servers

Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys […]

Hacker Gains Access To WordPress.com Servers

Tech Crunch: WordPress.com has revealed that someone has gained access to several of their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/API keys they’ve left in the source code. “Tough note to communicate today: Automattic […]

WordPress hit with second big attack in two days

CNET wrote: The popular blogging-site hoster WordPress was hit with another distributed denial-of-service attack this morning, the second in two days. “Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected sitewide performance,” the company said in a notice on its Automattic site, which serves as a dashboard for the […]

WordPress Adds Feature for Embedding Tweets

Mashable: Months ago, Twitter released a clunky tool called Blackbird Pie for embedding tweets in blog posts. Today WordPress has radically simplified and improved tweet embedding with a new feature, also named Twitter Blackbird Pie. Beginning today, WordPress.com users simply need to copy a tweet’s URL and paste it on a line by itself to […]

Microsoft Kills Live Space blogs

Microsoft announced that it has collaborated with WordPress and that from now on it will be the default blogging platform for Windows Live users. This means Microsoft is killing its own blogging platform and suggesting that users go for a better platform called ‘WordPress’. At the TechCrunch Disrupt conference, Windows Live Director ‘Dharmesh Mehta’ announced that all existing Windows […]

WordPress and PHP-based management systems under attack?

A variety of sources are reporting that blog hosting sites with WordPress-created sites and PHP-based management systems such as Zen Care eCommerce are being infected with malicious scripts. Websites hosted by ISP DreamHost, GoDaddy, Bluehost and Media Temple have been found with the malcode, according to H-Online.com. The malicious scripts download malcode and block Google’s […]