New WordPress exploit makes it easy to hijack wp sites - fix just released

[mouser]

WordPress just released a critical security update that fixes the 0day vulnerability described below.

The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.

http://arstechnica.c...illions-of-websites/

Official fix: https://wordpress.or.../04/wordpress-4-2-1/

[Deozaan]

One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

That said, I just manually updated to 4.2.1 when I went to write a post on my site. So it's nice to know I'm safe from this particular exploit either way. :-D

[wraith808]

One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

That said, I just manually updated to 4.2.1 when I went to write a post on my site. So it's nice to know I'm safe from this particular exploit either way. :-D

-Deozaan (April 27, 2015, 03:16 PM)

Yes, I just had the flood of e-mails from my sites letting me know that they were updated.  A nice feeling.

[app103]

One of the nice things about WordPress is that it automatically updates itself with critical security updates, so issues like this get taken care of automatically.

-Deozaan (April 27, 2015, 03:16 PM)

You can turn it on for plugins and themes, too, if you aren't that concerned about anything breaking (or use a plugin for more control over it). But I would have automatic offsite backups set up before ever thinking about doing something like that. And make sure you are using a child theme for your customizations, or you will lose them.