WordPress, the ubiquitous blogging and content management system software, has had its share of security issues. The latest involves cross-site scripting and cross-site request forgery vulnerabilities, as well as SQL injection flaws, in WordPress plugins.
WordPress has struggled in recent weeks with a spate of security issues ranging from malware infections to denial-of-service vulnerabilities. It's not a big surprise then that Automattic, the open source development company behind WordPress, acquired security vendor BruteProtect last week for an undisclosed sum.
In a case of colossally bad timing, WordPress is finally getting some love from small business owners as a standalone content management system just as a series of security breaches and malware infections make the news.
At the heart of the problem is a recently patched security flaw in MailPoet, a plugin with over a million downloads.
Security firm Sucuri is warning WordPress admins that a "massive" malware infection is wreaking havoc on WordPress websites. Sites with outdated plugins or weak passwords are particularly at risk.
Blake Callens, CEO of the newly released content management system PencilBlue, makes no bones about having set his sights on overtaking WordPress to become the dominant open source CMS option for content providers. Callens says PencilBlue is "the first online publishing platform to meet all of the market's current needs." Can the company deliver on such a bold statement?
Hackers can hijack a WordPress site through a public Wi-Fi connection because WordPress servers send the "wordpress_logged_in" cookie in plain text, instead of encrypting it.
More than 162,000 WordPress sites were used to launch a large distributed denial of service attack against a target, according to security firm Sucuri.
WordPress is working on writing and editing in place.
WordPress delivered its latest update this week.