In the past few weeks, many WordPress blogs have been under a large-scale brute force attack. These attacks use brute-force techniques to log into WordPress dashboards and plant malicious code onto compromised blogs and websites. It’s important to note what these attacks aren’t. They are not compromising WordPress blogs using known vulnerabilities in unpatched versions; if … [Read more...] about Brute-Force WordPress Attacks Affect Thousands of Sites
A growing series of brute force attacks against Wordpress blogs appears to be designed to compromise servers and recruit them into a large botnet that is already comprised of over 90,000 servers. Source: http://krebsonsecurity.com/2013/04/brute-force-attacks-buildwordpress-botnet/ … [Read more...] about Brute force attacks build WordPress botnet . . .
Researchers at Sucuri discovered that WordPress Social Media Widget version 4.0 had malicious code added to it that injects spam advertisements into Web sites and they recommended that over 900,000 users disable or remove the widget. Source: http://www.h-online.com/security/news/item/Social-Media-Widget-for-WordPress-a-source-of-spam-1838405.html … [Read more...] about WordPress Social Media Widget a source of spam