This code triggers an automatic update process that downloads a ZIP file from https://simplywordpress[dot]net/captcha/captcha_pro_update.php, then extracts and installs itself over the copy of the Captcha plugin running on site. The ZIP contains a few small code changes from what is in the plugin repository, and it also contains a file called plugin-update.php, which is a … Continue reading “Backdoor in Captcha Plugin Affects 300K WordPress Sites”
WordPress Software — free and open-source content management system (CMS) based on PHP and MySQL that is installed on a web server. WordPress Themes — a collection of files that controls the way the website displays. WordPress Plugins — pieces of software that plugin seamlessly with WordPress software that extends functionality or adds new features. … Continue reading “6 Things Every WordPress Manager Should Know”
WordPress 4.8.2 Security and Maintenance Release was released September 19, 2017 to address several important vulnerabilities and it’s critical that you ensure your WordPress software is updated BEFORE your website starts being exploited.
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. Source: WordPress 4.7.3 Security and Maintenance Release
Thanks for the heads up on this issue Wordfence. Enjoyed reading your In-Depth Analysis of a Criminal Organization Targeting WordPress Websites. Very interesting read and 22.214.171.124 is now blocked. Hard to believe it could be responsible for targetting over 22,000 websites in one week!
The table below shows defacement growth per campaign during the past 24 hours since we published the statistics above. During the past 24 hours we have seen an average growth in defaced pages per campaign of 44%. The total number of defaced pages for all these campaigns, as indexed by Google has grown from 1,496,020 to 1,893,690. That is a 26% increase in total defaced pages in just 24 hours.
If automatic update are enabled and your site has likely been updated to 4.7.2. If automatic updates are not enabled, it’s time to login to WordPress and update the software. Regardless, I strongly suggest you confirm you have the update and test your website make sure that everything is functioning as expected. Remember to back it up … Continue reading “Time To Check Your WordPress Website”