Items tagged with WordPress

It is estimated that there are over 50,000 WordPress plugins and more than 1.25 billion total plugin downloads. However, not all plugins are created equal. Security researchers recently discovered plugin vulnerabilities that could affect over 400,000 WordPress-based sites. These vulnerabilities were found in the InfiniteWP, WP Time Capsule, and WP Database Reset plugins. The vulnerabilities were fortunately not discovered by attackers. At least 300,000 InfiniteWP Client plugin users could have been affected by one particularly aggravating vulnerability. The plugin is used by administrators who need to oversee several websites. Attackers simply needed to know the username of a site administrator...

Own a website that runs on WordPress? You'll want to pay attention to this story. Since last week, there's been an ongoing brute-force attack targeting stand-alone WordPress installations. Like most login prompts, WordPress's will lock you out for some time after an incorrect password has been entered a certain number of times, but those who don't mind putting in the effort have an easy way around that: use multiple IP addresses. A handful of IPs wouldn't be too worrisome, but this particular attack has been observed using up to 90,000 of them. Clearly, there's no simple way for anyone to block such a large number of addresses from their site, and that's hardly an ideal solution...