WordPress

WordPress hardened with XSS, DoS and SSRF fixes

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers “strongly encourage” all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, …

WordPress hardened with XSS, DoS and SSRF fixes Read More »

WordPress 3.4 update closes important security hole

The WordPress developers have released version 3.4.1 of their popular open source publishing platform, fixing a number of bugs and closing security holes, one of which is rated as important. WordPress 3.4, which has already been downloaded 3 million times since being released two weeks ago, contains a important privilege escalation flaw that accidentally allowed …

WordPress 3.4 update closes important security hole Read More »

WordPress fixes file upload security problems

The H-Security: The developers of the popular open source blog engine WordPress have released a security update for the software. WordPress 3.3.2 fixes unspecified bugs in three external file upload libraries used in the software and other security problems with the application. The bugs affect both WordPress’s current file uploading library Plupload as well as …

WordPress fixes file upload security problems Read More »

WordPress.com suffers hacker attack – how to change your password

Sophos Labs: Millions of blog owners around the world are being advised to consider their password security, after WordPress.com was hacked. To its credit, Automattic – the company behind the WordPress.com blogging platform – didn’t mince its words or try to apply any spin to the incident, explaining it had suffered a “low-level (root) break-in to …

WordPress.com suffers hacker attack – how to change your password Read More »

Follow up: Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed

Follow up from: Hacker Gains Access To WordPress.com Servers Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys …

Follow up: Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed Read More »

Hacker Gains Access To WordPress.com Servers

Tech Crunch: WordPress.com has revealed that someone has gained access to several of the their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/api keys they’ve left in the source code. “Tough note to communicate today: Automattic …

Hacker Gains Access To WordPress.com Servers Read More »

WordPress hit with second big attack in two days

CNET wrote: The popular blogging-site hoster WordPress was hit with another distributed denial-of-service attack this morning, the second in two days. “Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected sitewide performance,” the company said in a notice on its Automattic site, which serves as a dashboard for the …

WordPress hit with second big attack in two days Read More »

WordPress Adds Feature for Embedding Tweets

Mashable: Months ago, Twitter released a clunky tool called Blackbird Pie for embedding tweets in blog posts. Today WordPress has radically simplified and improved tweet embedding with a new feature, also named Twitter Blackbird Pie. Beginning today, WordPress.com users simply need to copy a tweet’s URL and paste it on a line by itself to …

WordPress Adds Feature for Embedding Tweets Read More »

Microsoft Kills Live Space blogs

Microsoft announced that it has collaborated with WordPress and now onwards it will be the default blogging platform for Windows Live users. This means Microsoft is killing it’s own blogging platform and suggesting users to go for better platform called ‘WordPress’. In TechCrunch Disrupt conference, Windows Live Director ‘Dharmesh Mehta’ announced that all existing Windows …

Microsoft Kills Live Space blogs Read More »

WordPress and PHP-based management systems under attack?

A variety of sources are reporting that blog hosting sites with WordPress-created sites and php-based management systems such as Zen Care eCommerce are being infected with malicious scripts. Websites hosted by ISP DreamHost, GoDaddy, Bluehost and Media Temple have been found with the malcode, according to H-Online.com. The malicious scripts download malcode and block Google’s …

WordPress and PHP-based management systems under attack? Read More »