Thousands of WordPress websites have been hacked after the recent disclosure of a vulnerability in WordPress. WordPress delayed the disclosure for over a week and worked with security companies to have a patch ready, yet not all websites have been patched, and it's a WordPress hacker smorgasbord.
Even though the patch was released, thousands of admins didn't bother to update their websites, either because they had disabled auto-update or because they simply had not updated. Some admins disable auto-update so they can test patches before applying them, yet for patches like this one a different approach should be deployed to ensure the website is secure.
The famous Linux distribution openSUSE (news.opensuse.org) was hacked, but it was quickly restored without further breaches in other parts of openSUSE's infrastructure, the CIO reported.
The vulnerability is in the WordPress REST API and allows an unauthenticated user to delete or modify pages and redirect their visitors to malicious exploits.
The security researcher at Sucuri stated that they noticed multiple campaigns running over the internet trying to find unpatched WordPress websites.
The call to update has been going out for some time, and if you have not updated to WordPress 4.7.2, you should do so urgently, in addition to checking your website.
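As an added example (not from the original article), this Python script shows one way to find installs on a server that are still below WordPress 4.7.2, by reading `$wp_version` from each `wp-includes/version.php` under a root directory. The sample tree and site names in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 7, 2)  # the release the article says to update to

# WordPress core records its version as: $wp_version = '4.7.2';
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*['\"](\d+(?:\.\d+)*)", re.M)


def parse_version(text):
    """Return the core version as a 3-tuple of ints, or None if not found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # '4.6' -> (4, 6, 0)


def audit(root):
    """Find every WordPress install under root and classify it."""
    findings = []
    for vf in sorted(Path(root).rglob("version.php")):
        if vf.parent.name != "wp-includes":
            continue  # some plugin's version.php, not WordPress core
        version = parse_version(vf.read_text(errors="replace"))
        if version is None:
            status = "unknown"   # unreadable or altered file: inspect by hand
        elif version < PATCHED:
            status = "update"    # below the release named in the article
        else:
            status = "patched"
        findings.append((vf.parent.parent.name, version, status))
    return findings


def demo():
    """Audit a constructed sample tree (site names are made up)."""
    samples = {"blog": "4.7.1", "shop": "4.7.2", "old": "4.6", "broken": None}
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples.items():
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            line = f"$wp_version = '{ver}';\n" if ver else "// truncated\n"
            (inc / "version.php").write_text("<?php\n" + line)
        return audit(tmp)


if __name__ == "__main__":
    for site, version, status in demo():
        print(f"{site:8} {version} {status}")
```

To check a real server, call `audit()` with the directory that holds the sites; an `unknown` result means the version file could not be parsed and the install should be inspected manually.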
This is a clear indication that websites nowadays need multiple layers of security and some suggestions to look into are:
- WordFence
  Powered by the constantly updated Threat Defense Feed, WordFence Firewall stops you from getting hacked.
  Links: View Plugin on WordPress.org, View WordFence.com website
- iThemes Security (formerly Better WP Security)
- CloudFlare
  Enhance website performance, security, reliability and insight.
  Links: View CloudFlare Website
- Sucuri
  Sucuri Firewall offers Website Application Firewall (WAF) & Intrusion Prevention System (IPS).
  Links: Sucuri Website SiteCheck (Free Website Scan), Sucuri Website (Protection and Cleaning Hacked websites)