topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:16 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: If you have a Wordpress site you need to patch it against latest vulnerability  (Read 7319 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Attacks on websites running an outdated version of WordPress are increasing at a viral rate. Almost 2 million pages have been defaced since a serious vulnerability in the content management system came to light nine days ago. The figure represents a 26 percent spike in the past 24 hours.

Screenshot - 2_11_2017 , 8_30_13 AM.png

https://arstechnica....es-affects-2m-pages/

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Depending on how you have your sites set up, they may automatically update.  For safety's sake, I have the ones that I administer set up in this manner.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
That article makes it seem not so bad in the opening paragraph when it talks about it being an exploit for an outdated version of WordPress. Then it says the exploit was fixed only about 2.5 weeks ago.

I do manually check my WordPress sites every so often to make sure they are updated, but that is probably on average about once per month. So yeah, thank goodness for WordPress auto-updates, because if not for that, my sites would probably be vulnerable as well.


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
That article makes it seem not so bad in the opening paragraph when it talks about it being an exploit for an outdated version of WordPress. Then it says the exploit was fixed only about 2.5 weeks ago.

I do manually check my WordPress sites every so often to make sure they are updated, but that is probably on average about once per month. So yeah, thank goodness for WordPress auto-updates, because if not for that, my sites would probably be vulnerable as well.

That was my problem - the fact that my partner put other WP sites on the server that I didn't know about.  And therefore, they weren't checked nor updated.  It's a very big pain, and I definitely see the ramifications of it now.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
That was my problem - the fact that my partner put other WP sites on the server that I didn't know about.

Yikes!!! I would have come completely unwound on that one. I'm not much of an authoritarian - I basically hate rules - But breaking the 'everything must be documented' rule around here is all 5 of the top 3 absolute no-nos.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
That was my problem - the fact that my partner put other WP sites on the server that I didn't know about.

Yikes!!! I would have come completely unwound on that one. I'm not much of an authoritarian - I basically hate rules - But breaking the 'everything must be documented' rule around here is all 5 of the top 3 absolute no-nos.


I felt like coming unwound... but then I remembered that it was his client that allowed us upscale the server by 4 times.  *sigh* the times when you know that you're right, but have to swallow it anyway.  But I get reminded monthly when the bill comes...