Get Started for FREE
Sign up with Facebook Sign up with X
I don't have a Facebook or a X account
 Your new post is loading...
Your new post is loading...
Scoop.it!
Many WordPress sites are at risk of hijack, after cross-site scripting vulnerability uncovered. If you find the similarity in names between wordpress.org and wordpress.com somewhat confusing, you’re not alone. But, in answer to your question, if you’re using wordpress.com you are not at risk. 
No comment yet.
Sign up to comment
Scoop.it!
Thousands of websites are at risk of being exploited by a previously undisclosed vulnerability in a WordPress plugin, which researchers say could be used to inject malicious code into websites.
Gust MEES's insight:
Thousands of websites are at risk of being exploited by a previously undisclosed vulnerability in a WordPress plugin, which researchers say could be used to inject malicious code into websites.
Scoop.it!
A glut of Wordpress sites have fallen victim to both malware infections and a series of brute force attacks that have making the rounds over the past several
Gust MEES's insight:
A glut of Wordpress sites have fallen victim to both malware infections and a series of brute force attacks that have making the rounds over the past several
Gust MEES's curator insight,
July 24, 2014 9:25 AM
A glut of Wordpress sites have fallen victim to both malware infections and a series of brute force attacks that have making the rounds over the past several...
Scoop.it!
Web site security monitoring and malware removal Is my WordPress Site DDOS'ing others? Lately we are seeing many legitimate and clean WordPress sites being misused on DDOS attacks. We explain in more detail in our blog how it can happen. . Example of site being misused: here. If you have any questions, please contact us at labs@sucuri.net or hit us on Twitter - @Sucuri_Security. . ===> Check out if YOUR WordPress site is secure! <===
Gust MEES's insight:
===> Check out if YOUR WordPress site is secure! <===
Gust MEES's curator insight,
March 13, 2014 5:15 PM
===> Check out if YOUR WordPress site is secure! <===
Scoop.it!
Ce bulletin a été rédigé par Vigil@nce : http://vigilance.fr/offre SYNTHÈSE DE LA VULNÉRABILITÉ Un attaquant peut employer plusieurs vulnérabilités de (...) Gravité : 2/4 Date création : 24/01/2014 DESCRIPTION DE LA VULNÉRABILITÉ Plusieurs vulnérabilités ont été annoncées dans WordPress WP-E-Commerce. Un attaquant peut uploader un fichier illicite via save-data.functions.php, afin par exemple de déposer un Cheval de Troie. [grav:2/4] Un attaquant peut utiliser ajax.php, afin d’exécuter du code. [grav:2/4] Un attaquant peut utiliser display-sales-logs.php, afin d’exécuter du code. [grav:2/4] Un attaquant peut utiliser misc.functions.php, afin d’obtenir des informations sensibles. [grav:2/4] Un attaquant peut provoquer un Cross Site Scripting dans swfupload.swf, afin d’exécuter du code JavaScript dans le contexte du site web. [grav:2/4]
Gust MEES's insight:
Scoop.it!
Gust MEES's insight:
WordPress › AntiVirus « WordPress Plugins
Learn more:
- http://gustmees.wordpress.com/2013/06/23/ict-awareness-what-you-should-know/
Gust MEES's curator insight,
November 2, 2013 8:00 PM
WordPress › AntiVirus « WordPress Plugins
Learn more:
- http://gustmees.wordpress.com/2013/06/23/ict-awareness-what-you-should-know/
Training in Business's curator insight,
November 7, 2013 1:37 PM
WordPress › AntiVirus « WordPress Plugins
Scoop.it!
It’s being reported that hackers have seized control of a number of WordPress sites and are launching DDoS attacks against various websites.
Gust MEES's insight:
73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.
Learn more:
- http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress
Gust MEES's curator insight,
September 27, 2013 4:47 PM
73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.
Learn more:
- http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress
Scoop.it!
WordPress is one of the most popular content management system (CMS) in use and around 17% of the websites that are present on the internet these days are powered by this CMS.
Gust MEES's insight:
Scoop.it!
Gust MEES's insight:
Scoop.it!
An ongoing brute-force attack on WordPress-based websites has compromised more than 90,000 blogs, but there are simple ways to make sure your blog won't be next to fall.
Gust MEES's insight:
Scoop.it!
According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:
- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).
- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)
- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.
===> Reinstall WordPress from scratch or revert to a known, safe backup. <===
Gust MEES's insight:
According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:
- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).
- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)
- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.
- Reinstall WordPress from scratch or revert to a known, safe backup.
Check also:
- http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=WordPress
Gust MEES's curator insight,
April 13, 2013 9:20 AM
According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:
- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).
- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)
- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.
- Reinstall WordPress from scratch or revert to a known, safe backup. Check also: - http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing?tag=WordPress
Scoop.it!
A security vulnerability in the WP Banners Lite plugin for WordPress sites allows an attacker to inject malicious html or javascript code.
Bart van Maanen's curator insight,
March 28, 2013 6:20 AM
Hoe minder plugins, hoe beter, blijft een goede aanbeveling. |
Scoop.it!
A critical security flaw in a plugin called WP-Slimstat is to blame. Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin. On Tuesday, a security advisory posted by researcher Marc-Alexandre Montpas from security firm Sucuri said the "very high risk" vulnerability found in versions of WP-Slimstat 3.9.5 and lower could lead to cyberattackers being able to break the plugin's "secret" key, perform an SQL injection and take over a target website. Learn more: - http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing
Gust MEES's insight:
A critical security flaw in a plugin called WP-Slimstat is to blame. Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin. On Tuesday, a security advisory posted by researcher Marc-Alexandre Montpas from security firm Sucuri said the "very high risk" vulnerability found in versions of WP-Slimstat 3.9.5 and lower could lead to cyberattackers being able to break the plugin's "secret" key, perform an SQL injection and take over a target website. Learn more: - http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing
Scoop.it!
If your website runs on a self-hosted WordPress installation or on Drupal, update your software now.
Gust MEES's insight:
If your website runs on a self-hosted WordPress installation or on Drupal, update your software now.
Scoop.it!
Do you use the popular All in One SEO Pack plugin on your WordPress website? ===> If so, you need to update the plugin as soon as possible to the latest version!!! <===
Gust MEES's insight:
Do you use the popular All in One SEO Pack plugin on your WordPress website? ===> If so, you need to update the plugin as soon as possible to the latest version!!! <===
Scoop.it!
Legitimate sites forced to aid criminals' illicit botnet operations Hackers have hijacked more than 162,000 legitimate WordPress sites, connecting them to a criminal botnet and forcing them to mount distributed denial-of-service (DDoS) attacks, according to security firm Sucuri. Sucuri CTO Daniel Cid said the company uncovered the botnet when analysing an attack targeting one of its customers. Cid said Sucuri managed to trace the source of the attack to legitimate WordPress sites. "The most interesting part is that all the requests were coming from valid and legitimate WordPress sites. Yes, other WordPress sites were sending random requests at a very large scale and bringing the site down," read the blog.
Gust MEES's curator insight,
March 11, 2014 10:42 AM
Gust MEES's curator insight,
March 11, 2014 10:48 AM
Scoop.it!
The issue of hacked WordPress sites continues to persist, as evidenced by one victimized URL being used to host links to thousands if not millions or billions of shady pharmaceutical sites without the knowledge of the owners.
===> And, the team recommended the common-sense step of upgrading WordPress and all plugins to their latest versions. <===
Gust MEES's insight:
===> And, the team recommended the common-sense step of upgrading WordPress and all plugins to their latest versions. <===
Learn more:
- http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress
Gust MEES's curator insight,
December 11, 2013 6:39 PM
===> And, the team recommended the common-sense step of upgrading WordPress and all plugins to their latest versions. <===
Learn more:
- http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress
Scoop.it!
Automatic updating comes to self-hosted WordPress sites, with the hope of stamping out security vulnerabilities.
Scoop.it!
Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an im...
Gust MEES's insight:
73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. Learn more: - http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress
Gust MEES's curator insight,
September 27, 2013 9:10 AM
73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.
Learn more:
- http://www.scoop.it/t/securite-pc-et-internet/?tag=WordPress
Scoop.it!
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs.
===> This is a security release for all previous versions and we strongly encourage you to update your sites immediately. <===
Gust MEES's insight:
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. ===> This is a security release for all previous versions and we strongly encourage you to update your sites immediately. <=== The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
Gust MEES's curator insight,
June 21, 2013 5:14 PM
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs.
===> This is a security release for all previous versions and we strongly encourage you to update your sites immediately. <===
The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
Gust MEES's curator insight,
June 21, 2013 5:15 PM
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs.
===> This is a security release for all previous versions and we strongly encourage you to update your sites immediately. <===
The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
Scoop.it!
Gust MEES's insight:
Scoop.it!
There is a lot of interesting discussion going on at the moment across the interwebs on the intention of the latest string of Brute Force attacks, much of which
That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the TimThumb plug-in. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. – Information Week Security
Gust MEES's insight:
That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the TimThumb plug-in. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. – Information Week Security A MUST read to understand the WHY and HOW!!!
Gust MEES's curator insight,
April 13, 2013 9:56 AM
That finding comes from Arbor Networks, which said that attackers had compromised numerous PHP Web applications, such as Joomla, as well as many WordPress sites, many of which were using an outdated version of the TimThumb plug-in. After compromising the sites, attackers then loaded toolkits onto the sites that turned them into DDoS attack launch pads. – Information Week Security
A MUST read to understand the WHY and HOW!!!
Scoop.it!
If you have a web service that supports remote users, you will know that malevolent login attempts are an everyday occurrence.
Scoop.it!
WordPress Pingback Vulnerability Can Be Abused for DDOS Attacks
|
If you find the similarity in names between wordpress.org and wordpress.com somewhat confusing, you’re not alone.
But, in answer to your question, if you’re using wordpress.com you are not at risk.