iThemes, a firm that sells a security plugin for WordPress, suffered a breach of its customer database, which stores passwords in plaintext, reports security blogger Graham Cluley.
In response to the disclosure of data on 5 million Google accounts, WordPress is resetting the passwords on 100,000 of its accounts.
WordPress, the ubiquitous blogging and content management system software, has had its share of security issues. The latest involves cross-site scripting and cross-site request forgery vulnerabilities, as well as SQL injection flaws, in WordPress plugins.
WordPress has struggled in recent weeks with a spate of security issues ranging from malware infections to denial-of-service vulnerabilities. It's not a big surprise then that Automattic, the open source development company behind WordPress, acquired security vendor BruteProtect last week for an undisclosed sum.
In a case of colossally bad timing, WordPress is finally getting some love from small business owners as a standalone content management system just as a series of security breaches and malware infections make the news.
At the heart of the problem is a recently patched security flaw in MailPoet, a plugin with over a million downloads.
Security firm Sucuri is warning WordPress admins that a "massive" malware infection is wreaking havoc on WordPress websites. Sites with outdated plugins or weak passwords are particularly at risk.
Blake Callens, CEO of the newly released content management system PencilBlue, makes no bones about having set his sights on overtaking WordPress to become the dominant open source CMS option for content providers. Callens says it's "the first online publishing platform to meet all of the market's current needs." Can the company deliver on such a bold statement?
Hackers can hijack a WordPress site through a public Wi-Fi connection because WordPress servers send the "wordpress_logged_in" cookie in plain text, instead of encrypting it.
More than 162,000 WordPress sites were used to launch a large distributed denial of service attack against a target, according to security firm Sucuri.