WORDPRESS V 4.7 VULNERABLE TO HACKING – WordPress Hacking
There is currently an extensive attack on WordPress websites that have not been updated to the latest version – resulting in the defacement of millions of websites worldwide over the last few days. Sites which are at risk are using WordPress version 4.7 or 4.7.1. To avoid this and similar vulnerabilities, all WordPress sites should be kept updated.
On Monday 13 February we notified all customers using these vulnerable versions and urged them to update to the latest version, 4.7.2, as a matter of urgency.
Attacks on WordPress sites with REST API flaws have risen dramatically over the past few days. The WordPress REST API is a remote code which allows developers to supply their algorithms to the CMS in a bid to verify that the code updates on the platform are legitimate. Hackers have taken advantage of this remote code to access and alter WordPress websites, defacing millions of web pages.
WordPress acted fast and built a safer version with a built-in security feature which updates automatically and effectively prevents pings and malicious changes in web content. Earlier version of WordPress, v4.7.0 and v4.7.1, are still vulnerable to the attacks because they lack this auto-update security feature.
The best way to ensure that your website is safe from such attacks is to ensure that your website is always running the latest version of WordPress.
For further information, read the Securi blog.
Need help updating and maintaining your current website? Contact us for a FREE quote.
3rd May 2017