- Server related
- By Catalin Cimpanu
- April 15th, 2016
WordPress Sites Targeted with New Attacks Using C99 PHP Webshell
Unpatched WordPress plugins are to blame, yet again
- Web Blog
- By Catalin Cimpanu
- April 12th, 2016
WordPress 4.5 Available for Download, No REST API Included
WordPress comes with editor improvements, better support for responsive features, and smart image resizing
- Security
- By Catalin Cimpanu
- April 12th, 2016
Gamarue Botnet Uses Hijacked WordPress Sites to Send Spam with JS Payloads
Gamarue/Andromeda botnet evolves with the times
- Security Blog
- By Catalin Cimpanu
- April 8th, 2016
WordPress Enables Free HTTPS for All Blogs Using Let's Encrypt Certificates
All WordPress.com sites can now be fully HTTPS (in theory)
- Web resources
- By Catalin Cimpanu
- April 4th, 2016
WP REST API Won't Be Included in WordPress 4.5 or 4.6, Probably in Version 4.7
WP REST API delayed once again, this time for WordPress 4.7
- Security
- By Catalin Cimpanu
- March 31st, 2016
Black Hat SEO Campaign Uses Fake jQuery Lib and Hacked WordPress & Joomla CMSs
Second black hat SEO campaign comes to light in the last 48h
- Security
- By Catalin Cimpanu
- March 27th, 2016
WordPress Attacked 3.5 Times More Often than Non-CMS Sites
SQL injection attacks grew 3 times year-to-year in H1 2015
- Security
- By Catalin Cimpanu
- March 5th, 2016
Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials
Custom Content Type Manager WP plugin contains a backdoor
- Security Fixes and Improvements
- By Catalin Cimpanu
- February 25th, 2016
Drupal CMS Fixes 10 Security Flaws, Drupal 6 Reaches End of Life
Good bye, Drupal 6, you ol' buddy, it's been fun!
- Security Fixes and Improvements
- By Catalin Cimpanu
- February 24th, 2016
Elegant Themes WordPress Theme Author Fixes Dangerous Vulnerabilities
Attackers could escalate privileges, edit content & settings
- Web resources
- By Catalin Cimpanu
- February 20th, 2016
W3C Starts Work on Something That Looks like the WordPress Pingback System
W3C announces new Webmention specification
- Security
- By Catalin Cimpanu
- February 20th, 2016
TeslaCrypt Ransomware Campaign Extends from WordPress to Joomla Sites
Crooks expand the scope of their operation to include Joomla
- Security
- By Catalin Cimpanu
- February 17th, 2016
26,000 WordPress Sites Leveraged in Layer 7 DDoS Attack
Attackers (ab)used WordPress' pingback utility, again!
- Web resources
- By Catalin Cimpanu
- February 8th, 2016
WordExpress Is Another Attempt at Making WordPress Run on JavaScript
Developer takes his own approach to replacing PHP with JavaScript inside WordPress, different from Automattic
- Incidents
- By Catalin Cimpanu
- February 8th, 2016
Loanbase Hacked Due to WordPress Bug, Loses Customer Bitcoins
Loanbase blames WordPress blog for their data breach
- Security Blog
- By Catalin Cimpanu
- February 5th, 2016
Campaign of Compromised WordPress Websites Now Spreading Ransomware
Campaign operators switch from pushing the Backdoor.Andromeda malware to the TeslaCrypt ransomware instead
- Security Fixes and Improvements
- By Catalin Cimpanu
- February 2nd, 2016
WordPress 4.4.2 Fixes SSRF and Open Redirect Security Issues
Automattic releases WP 4.4.2 to fix two security bugs