topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 12:29 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: New WordPress exploit makes it easy to hijack wp sites - fix just released  (Read 6804 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
WordPress just released a critical security update that fixes the 0day vulnerability described below.

The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.

Screenshot - 4_27_2015 , 3_13_31 PM_thumb001.png

http://arstechnica.c...illions-of-websites/

Official fix: https://wordpress.or.../04/wordpress-4-2-1/

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,746
    • View Profile
    • Read more about this member.
    • Donate to Member
One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

That said, I just manually updated to 4.2.1 when I went to write a post on my site. So it's nice to know I'm safe from this particular exploit either way. :-D

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

That said, I just manually updated to 4.2.1 when I went to write a post on my site. So it's nice to know I'm safe from this particular exploit either way. :-D

Yes, I just had the flood of e-mails from my sites letting me know that they were updated.  A nice feeling.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

You can turn it on for plugins and themes, too, if you aren't that concerned about anything breaking (or use a plugin for more control over it). But I would have automatic offsite backups set up before ever thinking about doing something like that. And make sure you are using a child theme for your customizations, or you will lose them.