WordPress security vulnerability affecting millions of websites

Posted 13/02/2017 under General.

Last week saw one of the worst WordPress security incidents in some time, with blogs defaced by a range of hackers via an exploit in recent versions of WordPress. Some estimates stated that more than 1.8 million sites were affected.

We have been working with many of our clients under support arrangements to upgrade WordPress to the latest version, 4.7.2, released by WordPress on 26th January, which patched the security exploit.

The exploit gained publicity, and several groups escalated their attacks, culminating in a huge number of affected websites last week.

The exploit centered on the WordPress REST API, which allowed an unauthenticated user to modify the content of any post or page within a WordPress site.

Upgrading to version 4.7.2 closed the exploit, which was present in versions released in December and January. If you self-host, or do not have a support arrangement with us for your WordPress site, please check your WordPress version and get in touch with us if you have any questions.
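
For self-hosters with several installs on one server, the version check can be scripted. The following is an added example, not part of the original post: it reads `$wp_version` from each `wp-includes/version.php` under a directory and compares it with 4.7.2. It assumes the "versions released in December and January" are the 4.7 line before 4.7.2; the install names in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 7, 2)           # release the post says closed the hole
FIRST_AFFECTED = (4, 7, 0)  # assumption: the 4.7 line is the Dec/Jan releases
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(text):
    """Return (major, minor, patch) from version.php contents, or None."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    # Drop suffixes such as "-beta1" and pad "4.7" to (4, 7, 0).
    nums = [int(n) for n in re.findall(r"\d+", match.group(1).split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def classify(version):
    if version is None:
        return "unknown"
    if FIRST_AFFECTED <= version < FIXED:
        return "affected"
    # "older-release" predates the affected range but is still behind 4.7.2.
    return "patched" if version >= FIXED else "older-release"

def audit(root):
    """Map each WordPress directory under root to (version, status)."""
    results = {}
    for vfile in Path(root).rglob("version.php"):
        if vfile.parent.name != "wp-includes":
            continue
        version = parse_version(vfile.read_text(errors="replace"))
        label = ".".join(map(str, version)) if version else "?"
        results[str(vfile.parent.parent)] = (label, classify(version))
    return results

def demo():
    """Audit three constructed installs (sample data, not real sites)."""
    with tempfile.TemporaryDirectory() as root:
        for name, ver in [("blog-a", "4.7.1"), ("blog-b", "4.7.2"), ("blog-c", "4.6.3")]:
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        return {Path(path).name: result for path, result in audit(root).items()}

if __name__ == "__main__":
    for site, (ver, status) in sorted(demo().items()):
        print(f"{site}: {ver} {status}")
```

To audit a real server, call `audit()` with the directory that holds your sites; anything reported as `affected` or `older-release` is behind 4.7.2.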