A security flaw in the WordPress blogging software has let hackers attack and deface tens of thousands of sites.\nOne estimate suggests more than 1.5 million pages on blogs have been defaced.\nThe security firm that found the vulnerability said some hackers were now trying to use it to take over sites rather than just spoil pages.\nWordPress urged site owners to update software to avoid falling victim.\nFeeding frenzy.\nThe vulnerability is found in an add-on for the WordPress blogging software that was introduced in versions released at the end of 2016.\nSecurity firm Sucuri found the “severe” bug and informed WordPress about it on 20 January.\nIn a blogpost, WordPress said it delayed going public about the flaw so it could prompt hosting firms to update their software to a fixed version.\nThe patched version of WordPress was formally released on 26 January and led to many sites and blogs automatically applying the update.\nHowever, many blogs have not followed suit leaving them open to defacement attacks.\nSecurity firm WordFence said it had seen evidence that 20 hacker groups were trying to meddle with vulnerable sites. About 40,000 blogs are believed to have been hit.\nThe vulnerability had set off a “feeding frenzy” among hacker groups, WordFence founder Mark Maunder told the Bleeping Computer tech news site.\n“During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor,” he added.\nSucuri said some hacker groups had moved on from defacement to attempts to use the bug to hijack sites for their own ends.\n“Attackers are starting to think of ways to monetise this vulnerability,” wrote Sucuri founder Daniel Cid. “Defacements don’t offer economic returns, so that will likely die soon.”\nHackers were keen to use the vulnerable sites as proxies for spam or malware campaigns, he said.
\nWith the rapid evolution of websites being build on Static website generators, and hosted on CDN networks versus servers, the whole issue of hacking and security fixes should go away altogether. At WebriQ we have built a tremendous technology platform enabling anyone with basic HTML knowledge to build a custom made website associated with a custom Content Management Software to update your entire content on the fly. Gone are the days where you needed knowledge of database set-up, plugins, server side scripts and all these complex background exercise that you never use as a website owner. Partner with WebriQ and find out how you can build and manage websites without the fear of being hacked and loosing all your hard work to make your website look the way it does. Gone are the days where you had to worry about databases and servers that could simply ruin the set-up of your website.
\nNice examples of websites being build on the WebriQ platform are Buzzin Brisbane North, Mango Hill Tavern, Gas Certificate and Madcrane .
","frontmatter":{"title":"Wordpress hacking spree sees more then 1 million web pages defaced","date":"February 13, 2017"}}},"pageContext":{"slug":"/wordpress-hacking/","previous":{"fields":{"slug":"/cms-functionality-for-static-websites/"},"frontmatter":{"title":"CMS-functionality for static websites"}},"next":{"fields":{"slug":"/progressive-web-apps/"},"frontmatter":{"title":"Progressive Web APPS - Next step in Responsive Web Design"}}}}