WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 became available today. This is a security release for all previous versions, and you need to update your websites immediately. The update fixes 9 security issues.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to reach your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 became available today. The new version addresses 6 security issues affecting WordPress 4.7.4 and earlier releases. It also includes 3 maintenance fixes to the 4.7 release series.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to reach your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 became available today. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. The new version addresses six security issues that may put your website at risk of being hacked.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to reach your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.2 Security and Maintenance Release

WordPress 4.7.2 became available today. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. The new version addresses three security issues that may put your website at risk of being hacked.

While WordPress.org has already started automatic background updates that do not require you to do anything, it may take some time for them to reach your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.1 Security and Maintenance Release

WordPress.org today announced the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues that may put your website at risk of being hacked.

While WordPress performs such releases automatically, it takes time to do it from their end. After all, WordPress powers millions of websites. If your site has not been updated automatically today, do it yourself if you are confident enough or contact us for help.

SQL Injection Vulnerability in Ninja Forms

As part of their regular research audits for the Sucuri Firewall, the Sucuri team discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites.

A malicious individual using this bug could (among other things) leak the site’s usernames and hashed passwords. In certain configurations, it can also leak WordPress secret keys.

If you are not using the latest version of this plugin where the vulnerability has been fixed, update it as soon as possible or contact Dusk Owl for help with the update.

Mysterious spike in WordPress hacks silently delivers ransomware to visitors

In the past four days, researchers from three separate security firms have reported that a large number of legitimate WordPress sites have been hacked to silently redirect visitors to a series of malicious sites. The attack sites host code from the Nuclear exploit kit that’s available for sale in black markets across the Internet. People who visit the WordPress sites using out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer can then find their computers infected with the Teslacrypt ransomware package, which encrypts user files and demands a hefty ransom for the decryption key needed to restore them.

Make sure your WordPress installation, plugins and theme are up to date and the website is locked down with strong passwords and preferably two-factor authentication. Look out for signs of being targeted until more information is available about the causes of this new hack.

Lessons I Learned When My Blog Got Hacked

This is one artist’s story of getting hacked, cleaning her blog after the hack, and what she learned in the process: Lessons I Learned When My Blog Got Hacked. Although Lori’s site is powered by WordPress, most of her article can be applied to any web site.