50,000 sites hacked through WordPress plug-in vulnerability

[Ohso]

Make sure your wordpress and or its plugins are up-to-date!

A critical vulnerability found recently in a popular newsletter plug-in for WordPress is actively being targeted by hackers and was used to compromise an estimated 50,000 sites so far.
http://www.pcworld.com/article/2458...d-through-wordpress-plugin-vulnerability.html

 

[Livewire]

Update your themes as well (lots of folks forget that the theme can contain php code too), and think carefully about what plugins you have - the more plugins you have, the more risk there is, since not all plugins are programmed by users who actually know and understand security. If a plugin isn't absolutely critical to the blog, ditching it prevents exploitation for a security hole.

This is coming from the abuse compliance officer who's had to tell more than a handful of users over the years that their compromises were so destructive the site could not be saved. If it's not needed, ditch it, and for the love of the sacred MAKE BACKUPS so you don't have to start from nothing more than a fresh install with a broken database.



Side note, if anyone reading this is on a Wordpress version more than about 2 versions old (I.E. 3.9.2 or earlier), put some serious debate into reinstalling the install from fresh, vendor supplied files rather than just updating. There's a lot of "old" hacks popping up recently that I've seen where users were actually compromised several weeks or months ago, but the malicious shells uploaded were left to sit until more recently when the hackers decided to attempt to use them. Patching the old install won't fix a compromise that's already happened.

 

[karan_112847]

That was a huge number. I reset all passwords after that happened.
Royal rumble live streaming