New WordPress exploit makes it easy to hijack wp sites - fix just released - DonationCoder.com
Welcome Guest.   Make a donation to an author on the site July 02, 2015, 11:36:41 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2015! Download dozens of custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: New WordPress exploit makes it easy to hijack wp sites - fix just released  (Read 1125 times)
mouser
First Author
Administrator
*****
Posts: 34,718



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: April 27, 2015, 03:13:57 PM »

WordPress just released a critical security update that fixes the 0day vulnerability described below.

Quote
The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.



http://arstechnica.com/se...ack-millions-of-websites/

Official fix: https://wordpress.org/new.../2015/04/wordpress-4-2-1/
Logged
Deozaan
Charter Member
***
Posts: 6,863



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: April 27, 2015, 03:16:22 PM »

One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

That said, I just manually updated to 4.2.1 when I went to write a post on my site. So it's nice to know I'm safe from this particular exploit either way. :-D
Logged


wraith808
Supporting Member
**
Posts: 7,107



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: April 27, 2015, 03:30:06 PM »

One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

That said, I just manually updated to 4.2.1 when I went to write a post on my site. So it's nice to know I'm safe from this particular exploit either way. :-D

Yes, I just had the flood of e-mails from my sites letting me know that they were updated.  A nice feeling.
Logged

app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,501



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: April 27, 2015, 05:13:05 PM »

One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

You can turn it on for plugins and themes, too, if you aren't that concerned about anything breaking (or use a plugin for more control over it). But I would have automatic offsite backups set up before ever thinking about doing something like that. And make sure you are using a child theme for your customizations, or you will lose them.
Logged

Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.044s | Server load: 0.37 ]


Share on Facebook
submit to reddit