In one of the largest mass WordPress hacks seen to date, over 1.5 million WordPress sites have been hacked around the world. Unfortunately, what makes this matter worse is that, for many websites, this was completely avoidable.
A few weeks ago, WordPress, working alongside website security company Sucuri, discovered and silently patched a critical flaw in its content management system. They initially did not disclose information about the vulnerability, to keep their users safe by not bringing it to the attention of web hackers. When they fixed the problem at the end of last month, WordPress came out and informed users of security updates for three vulnerabilities. Many WordPress websites were automatically updated. Others, however, did not have this automation, because their owners had instead chosen to test updates before pushing them.
As a result, hackers made hundreds of thousands of attacks after the disclosure. According to one source, around 800,000 websites had been compromised within only 48 hours after WordPress informed users of the security updates. WordPress came clean a week following the attacks and explained that the previous security update had also addressed a huge vulnerability, one that allowed hackers remote unauthorized access to edit or delete webpages.
According to the most recent reports, over one and a half million websites have now been hacked, and that number might be on the rise because people who are unaware of the issue are electing not to apply the update released by WordPress. We here at Unidad22 strongly advise that all WordPress site owners who do not have automated updates either turn them on or ensure that their sites are up to date with WordPress's most recent security measures. If you feel that your website has been compromised, then please contact us as soon as possible so we can fix the problem.
For all inquiries regarding security for your website, please contact us here.