Phishing attack disguised as warning from the WordPress security team
A new phishing campaign that aims to install a rogue extension specifically targets administrators of WordPress websites, reports Wordfence. Hackers are allegedly posing as the "WordPress Security Team" in the process.
According to Wordfence, a phishing campaign is underway that targets administ... Read more
Bug in WordPress plugin exposes 600,000 vulnerable websites
A plugin to make WordPress sites load faster is vulnerable to an SQL injection attack. WP Fastest Cache is deployed by more than a million websites. The majority of these sites (600,000) are still running a vulnerable version.
It's easy to see why WP Fastest Cache is so popular: its creators pro... Read more
WordPress owner acquires all-in-one messaging app Texts.com
Automattic, the owner of WordPress and Tumblr, has acquired the all-in-one messaging app Texts.com for $50 million (€47 million). The purpose of the acquisition is to accelerate the messaging app's development.
The acquisition gives Automattic an all-in-one messaging app that merges several ot... Read more
Thousands of hacked WordPress sites redirect visitors to scam sites
Thousands of WordPress websites have fallen victim to a hack on the tagDiv plug-in. Hackers infected this plug-in with the Balada Injector.
155,000 WordPress websites are working with the hacked plug-in, according to figures from EnvatoMarkets. The plug-in in question is necessary to obtain two... Read more
WordPress now offers 100-year domain registration
WordPress is offering customers the opportunity to secure a particular domain for as much as a century. The offer is available through a one-time payment of 35,000 euros ($38,000).
According to WordPress, the new service targets families and founders of companies, who want to record their histor... Read more
WordPress security plugin AIOS saved passwords as plain text
The WordPress security plugin All-In-One Security (AIOS) created a security flaw of its own accord. Because of a bug, the tool collected passwords and stored them as plain text in a database.
AIOS for WordPress is installed on more than 1 million websites and provides security for WordPress webs... Read more
WordPress to feature generative Jetpack AI Assistant
WordPress recently introduced the generative Jetpack AI Assistant. With it, users of the CMS environment can now more easily get help writing and editing blogs.
The new tool is offered by Automattic, the owner and developer of the WordPress CMS platform. The now-released generative AI tool compl... Read more
WordPress patches, but plugin remains vulnerable without update
Two WordPress plugins have received updates to fix vulnerabilities. The security-focused Jetpack plugin is managed by Automattic, the company behind WordPress. In that instance, the company opted for a force install: 5 million websites are said to have already been patched.
Another plugin, Gravi... Read more
WordPress to force-install a security update to thousands of websites
To ensure the security of online stores, Automattic, the company that manages WordPress, has announced the forced installation of a security update on hundreds of thousands of websites that use WooCommerce Payments, one of the most popular online store payment gateways.
This update was released ... Read more
WordPress’s parent company acquires ActivityPub plugin
WordPress users can now easily integrate with the Fediverse, thanks to the new ActivityPub for WordPress plugin. Automattic, the company behind WordPress.com and other web publishing tools, recently acquired the plugin and hired its developer, Matthias Pfefferle, to work for the company.
The plu... Read more