WordPress Security: Passwords Reset

A potential security breach last night prompted a response from the WordPress team to reset all passwords across WordPress.org, bbPress.org and BuddyPress.org.

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

Matt Mullenweg

I’ve already reset my password and changed it to something more secure after the first reset. If you haven’t had a chance to update your information across the mentioned network – please do so.

Another important note is: “if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version”.


Important Security Update: Upgrade WordPress to 3.0.4

As per their official announcement:

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
