WORDPRESS ALERT!!! - Webmasters - Nairaland
Nairaland Forum / Science/Technology / Webmasters / WORDPRESS ALERT!!! (1047 Views)
| WORDPRESS ALERT!!! by jerflakes(m): 5:19pm On May 11, 2015 |
Dear Client, This is an urgent security notification concerning those who have sites built on the WordPress platform. A critical cross-site-scripting (XSS) vulnerability of the WordPress core engine has been announced recently. The vulnerability affects all WordPress versions including the most recent major release (4.2) and has reportedly been fixed in minor security release 4.2.1. The 0-Day vulnerability allows hackers to gain access to core site functions (such as changing passwords, adding administrator users and altering content) and, alternatively, to execute code remotely after a piece of malicious JavaScript code is injected via the comments section. Basically, the hacker is able to post and execute the malicious piece after his first, “harmless” comment is approved by an unsuspecting site administrator. That being said, we strongly recommend updating your WordPress scripts to the most recent version (4.2.1) as soon as possible. This version is already available for automatic update via Softaculous Auto Installer, which is present by default on all our shared and reseller hosting servers and can be accessed through your cPanel account. When performing the update, we recommend you follow WordPress script update instructions in the Official WordPress Codex at https://codex.wordpress.org/Upgrading_WordPress_-_Extended_Instructions. |
| Re: WORDPRESS ALERT!!! by jerflakes(m): 5:21pm On May 11, 2015 |
Cc lalasticlala, ishilove, seun I just received this mail from my webhost. |
| Re: WORDPRESS ALERT!!! by GodMode: 5:35pm On May 11, 2015 |
jerflakes:This happened since April... |
| Re: WORDPRESS ALERT!!! by jerflakes(m): 5:41pm On May 11, 2015 |
| Re: WORDPRESS ALERT!!! by Ben1975(m): 6:05pm On May 11, 2015 |
Hi jerflakes I know it seems a little worrying but this issue of discussion has been around for a while now and since WordPress blogs in general don't have ecommerce you should not get overly anxious about it. Most WordPress blogs if they are making any money are doing so via affiliate programs and paid advertising, so no payments are processed on there sites. So if a hacker does steal a password what is he going to do with it? Steal your articles? Relax be easy. Hackers, if they want to can get into any website in the world no organization is immune not even NASA. But the probability is remote. But in reality its not a big threat, just some scare mongering. Ben Ajose |
(1) (Reply)
Google Will No More Ban Adsense Accounts But Suspends It / Blog/forum Moderators Needed / Please How Can I Get Cheap Domain,i Tried Godaddy But No Paypal Support.
(Go Up)
| Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 11 |