WordPress now offers 100-year domain registration
WordPress is offering customers the opportunity to secure a particular domain for as much as a century. The offer is available through a one-time payment of 35,000 euros ($38,000).
According to WordPress, the new service targets families and founders of companies, who want to record their histor... Read more
WordPress security plugin AIOS saved passwords as plain text
The WordPress security plugin All-In-One Security (AIOS) created a security flaw of its own accord. Because of a bug, the tool collected passwords and stored them as plain text in a database.
AIOS for WordPress is installed on more than 1 million websites and provides security for WordPress webs... Read more
WordPress to feature generative Jetpack AI Assistant
WordPress recently introduced the generative Jetpack AI Assistant. With it, users of the CMS environment can now more easily get help writing and editing blogs.
The new tool is offered by Automattic, the owner and developer of the WordPress CMS platform. The now-released generative AI tool compl... Read more
WordPress patches, but plugin remains vulnerable without update
Two WordPress plugins have received updates to fix vulnerabilities. The security-focused Jetpack plugin is managed by Automattic, the company behind WordPress. In that instance, the company opted for a force install: 5 million websites are said to have already been patched.
Another plugin, Gravi... Read more
WordPress to force-install a security update to thousands of websites
To ensure the security of online stores, Automattic, the company that manages WordPress, has announced the forced installation of a security update on hundreds of thousands of websites that use WooCommerce Payments, one of the most popular online store payment gateways.
This update was released ... Read more
WordPress’s parent company acquires ActivityPub plugin
WordPress users can now easily integrate with the Fediverse, thanks to the new ActivityPub for WordPress plugin. Automattic, the company behind WordPress.com and other web publishing tools, recently acquired the plugin and hired its developer, Matthias Pfefferle, to work for the company.
The plu... Read more
WordPress hit with two critical-severity vulnerabilities
Patchstack warns that hackers may exploit two premium add-ons primarily used on real estate websites. The Houzez theme plugin, which costs $69, claims to serve over 35,000 customers in the real estate industry by offering easy listing management and a smooth customer experience.
According to Pat... Read more
More than 11,000 WordPress websites compromised by malicious script
A recent mass infection of nearly 11,000 websites has been discovered by security firm Sucuri. The websites in question use WordPress as their CMS (Content Management System) and have a malicious script injected into legitimate files, including "index.php" and "wp-cron.php."
This script acts as ... Read more
Linux-based malware uses 30 WordPress exploits to inject JavaScript
New Linux-based malware uses 30 vulnerabilities in WordPress plugins to inject malicious JavaScript.
Antivirus vendor Dr. Web reports that the malware comes in two variants capable of attacking Linux-based WordPress sites by exploiting outdated plugins. The first variant found, Linux.BackDoor.Wo... Read more
‘Thousands of WordPress websites use malicious plugins’
Researchers found malicious plugins on nearly 25,000 WordPress websites.
Researchers at the Georgia Institute of Technology discovered 47,337 malicious plugins on 24,931 unique WordPress websites. Each website used two or more infected plugins. 94 percent were actively engaged in malicious acti... Read more