Got a WordPress website? You should read this now
The popular CMS is being increasingly targeted by exploiters
WordPress is by far the most popular content management system (CMS), powering almost a quarter of the whole web. It's no surprise therefore that it comes under constant scrutiny from hackers and criminals eager to exploit its growing popularity.
SaaS (Security-as-a-Service) provider Zscaler reported that a number of WordPress-based websites have been compromised with users trying to login to them being served malicious code as part of the login page. Once captured, that data is then sent, in an encrypted format, to the hacker.
Keeping your WordPress website up to date is very often just a matter of allowing the CMS to auto update to the latest version, which is currently 4.2.2.
The latter also solves a flaw that affected the Genericons WordPress package, a vulnerability that uses DOM-based cross-site scripting. What makes it a high-profile flaw is that it potentially affects millions of websites worldwide.
According to David Dede, who was part of the Sucuri team that found the flaw: "The main issue here is the Genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package."
WordPress 4.2.2 solves that weakness as well as another DOM-based vulnerability and more than a dozen other less important bugs.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.