Items tagged with WordPress

It would seem that not even GoDaddy can keep all the children of the internet behaving as they should. The very popular internet domain registrar and web hosting giant announced yesterday that its security was compromised last week. GoDaddy announced yesterday that it had discovered on November 17th there was an unauthorized third-party that had gained access to its Managed WordPress hosting environment. The actual security breach began on September 6, 2021 where the unauthorized party used a vulnerability to gain access to customer information. Once identified, GoDaddy launched an investigation with the help of an IT forensics firm and contacted law enforcement. The customer information that... Read more...
Google is on a mission to crumble the third-party cookie infrastructure that the web is largely based on, as it relates to lucrative targeted advertising efforts, and rebuild things with an initiative called FLoC, or Federated Learning of Cohorts. Not without controversy, Google's FLoC ad-tracking has drawn an antitrust probe. In addition, WordPress has proposed treating FLoC as a security threat. Let's back up a moment, shall we? We covered what you need to know about FLoC, but to recap, it is part of an effort at Google to develop open-source "privacy-preserving technologies that make third-party cookies obsolete and enable publishers to keep growing their businesses and keep the web sustainable."... Read more...
As the coronavirus pandemic continues around the world, everyone's lives have changed. The way we work and learn is significantly different now than it was only a few months ago as people shelter in place, and offices and schools around the globe have been forced to move to a distance model. Teaching from home has forced educational institutions everywhere to quickly move to online learning and to implement new systems to support the shift. Security researchers at Check Point Research decided to audit the security of several of the most popular Learning Management Systems (LMS) that are being used to deliver remote education for people of all ages. The researchers say that most independent websites... Read more...
It is estimated that there are over 50,000 WordPress plugins and more than 1.25 billion total plugin downloads. However, not all plugins are created equal. Security researchers recently discovered plugin vulnerabilities that could affect over 400,000 WordPress-based sites. These vulnerabilities were found in the InfiniteWP, WP Time Capsule, and WP Database Reset plugins. The vulnerabilities were fortunately not discovered by attackers. At least 300,000 InfiniteWP Client plugin users could have been affected by one particularly aggravating vulnerability. The plugin is used by administrators who need to oversee several websites. Attackers simply needed to know the username of a site administrator... Read more...
Own a website that runs on WordPress? You'll want to pay attention to this story. Since last week, there's been an ongoing brute-force attack that's targeted stand-alone WordPress installations. Like most login prompts, WordPress' will lock you out for some time after putting in an incorrect password a certain number of times, but there's an easy way to get around that by those who don't mind putting the effort in: use multiple IP addresses. A handful of IPs wouldn't be too worrisome, but this particular attack has been monitored to use up to 90,000 of them. Clearly, there's no simple way for anyone to block such a large number of addresses from their site, and that's hardly an ideal solution... Read more...