All websites running WordPress urged to update NOW

Millions of websites running WordPress are being strongly urged to update to the latest version of the popular content management system as soon as possible, after a serious security vulnerability was uncovered.

“Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update.”

Read more… https://www.welivesecurity.com/2017/11/01/wordpress-update-now/

WordPress: block anonymous Rest API access

The most recent version of WordPress ships with new REST API capabilities which plugins, apps, services, or the WordPress core can utilize.

The WordPress development team pushes new features to WordPress all the time. Many of those features improve the functionality of WordPress significantly.

Every now and then though, features get added that are problematic from an admin or user point of view. The main issue with the bulk of these changes is that they cannot be disabled easily. I have disabled Emojis and XML-RPC here on this site for instance.

Read more… https://www.ghacks.net/2016/12/27/wordpress-block-anonymous-rest-api-access-information-leak/

How WordPress Ate The Internet in 2016… And The World in 2017

WordPress is the most popular CMS in the world and is used by nearly 75 million websites. According to WordPress, more than 409 million people view more than 23.6 billion pages each month and users produce 69.5 million new posts and 46.8 million new comments every month. It also powers more than 25% of the world’s websites.

Read more… http://www.forbes.com/sites/montymunford/2016/12/22/how-wordpress-ate-the-internet-in-2016-and-the-world-in-2017/

WordPress silently fixes dangerous code injection vulnerability

Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability.

WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes only mentioned fixes for three moderate risk vulnerabilities, one of which did not even affect the platform’s core code.

http://www.csoonline.com/article/3164554/security/wordpress-silently-fixes-dangerous-code-injection-vulnerability.html

Airbnb’s Super Bowl ad says ‘we accept’ everyone

Airbnb just aired a Super Bowl ad promoting a message of diversity and acceptance, ending with the statement that “the world is more beautiful the more you accept.” CEO Brian Chesky also tweeted a reference to the commercial, as well as an announcement that the company is aiming to provide short-term housing for 100,000 refugees, disaster survivors, and other displaced people over the next five years. Additionally, Airbnb will donate $4 million to the International Rescue Committee over the next four years.

http://www.theverge.com/2017/2/5/14517708/airbnb-super-bowl-ad-donation-aid

How to keep your WordPress Site protected

WordPress holds the lion’s share (possibly as high as 59.3 percent) of systems used for running business websites online today. Unfortunately, being at the top of the charts in popularity also makes this open-source tool a top hacking target. It makes sense. If you can hack a platform like WordPress,

Read the complete story: http://www.goshennews.com/news/business/how-to-keep-your-wordpress-site-protected/article_b9e4d74b-7143-5c29-8d38-a258a497178c.html

WordPress Websites Being Assaulted Through Fresh 0-Day within Plugin for WP Mobile Detector

A security patch was issued for a certain WordPress plugin on 2nd June, 2016, nearly a week after reports emerged about public assaults exploiting a zero-day flaw.

When the public assaults started, the WP Mobile Detector had to be withdrawn from the Plugin Directory of WordPress. However, on the 2nd, it was

Read the complete story: http://www.spamfighter.com/News-20313-WordPress-Websites-Being-Assaulted-Through-Fresh-0-Day-within-Plugin-for-WP-Mobile-Detector.htm

Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

It may be a good time to update your email password. A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.

Read the complete story: http://gizmodo.com/russian-hackers-have-270-million-email-logins-includin-1774848936

How to set up two-step authentication for WordPress.com

Continuing our series on setting up two-factor authentication (2FA), today let’s check out how to get 2FA enabled on your WordPress.com account.

An important thing to note: This guide is specifically for WordPress accounts used via WordPress.com – NOT for self-hosted WordPress sites. (There are 2FA plugins you can install on your self-hosted

Read the complete story: https://nakedsecurity.sophos.com/2016/07/11/how-to-set-up-two-step-authentication-for-wordpress-com/