Got a WordPress website? You should read this now

The popular CMS is being increasingly targeted by exploiters

WordPress is by far the most popular content management system (CMS), powering almost a quarter of the whole web. It's no surprise therefore that it comes under constant scrutiny from hackers and criminals eager to exploit its growing popularity.

SaaS (Security-as-a-Service) provider Zscaler reported that a number of WordPress-based websites have been compromised with users trying to login to them being served malicious code as part of the login page. Once captured, that data is then sent, in an encrypted format, to the hacker.

Keeping your WordPress website up to date is very often just a matter of allowing the CMS to auto update to the latest version, which is currently 4.2.2.

The latter also solves a flaw that affected the Genericons WordPress package, a vulnerability that uses DOM-based cross-site scripting. What makes it a high-profile flaw is that it potentially affects millions of websites worldwide.

According to David Dede, who was part of the Sucuri team that found the flaw: "The main issue here is the Genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package."

WordPress 4.2.2 solves that weakness as well as another DOM-based vulnerability and more than a dozen other less important bugs.

ABOUT THE AUTHOR

Editor, TechRadar Pro

Désiré (Twitter, Google+) has been musing and writing about technology since 1997. Following an eight-year stint at ITProPortal.com where he discovered the joys of global techfests, developing an uncanny attraction for anything silicon, Désiré now heads up TechRadar Pro.