WP sites across the world hacked

Shop deals on ebay
shop deals on amazon
Advertise with us
Bed & Breakfast / Short Term Rental Host Forum

Help Support Bed & Breakfast / Short Term Rental Host Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Morticia

Morticia

Well-known member
Joined
May 22, 2008
Messages
17,771
Reaction score
685
I got this message from WordFence:
Yesterday we published numbers indicating how widespread the defacement campaign is targeting the REST-API vulnerability recently fixed in WordPress 4.7.2.
If you haven’t already updated to WordPress 4.7.2, it is only a matter of time until you are hit by this.
If you want to read the entire blog post here it is.
The other blog post I skimmed related to Chrome stating sites that are not https will be labeled as 'not secure'. Something on my list for next week.
 
Updated WP and have WordFence Pro. Still waiting for the new Striking update. Was supposed to be released January 15 to 20.
 
I already told you about the https thing. Your host has already installed let's encrypt onyour site. You just now need to install Really Simple SSL plugin
takes only a minute to do. If you don't use the https you will notice a note secure note there in Chrome
 
EmptyNest said:
I already told you about the https thing. Your host has already installed let's encrypt onyour site. You just now need to install Really Simple SSL plugin
takes only a minute to do. If you don't use the https you will notice a note secure note there in Chrome.
Click to expand...
EmptyNest said:
I already told you about the https thing. Your host has already installed let's encrypt onyour site. You just now need to install Really Simple SSL plugin
takes only a minute to do. If you don't use the https you will notice a note secure note there in Chrome
Click to expand...
But, don't I also have to update Google Webmaster Tools?
Right now I'm trying to shovel my way out of the house and also get my package prices up to date!
 
Morticia said:
EmptyNest said:
I already told you about the https thing. Your host has already installed let's encrypt onyour site. You just now need to install Really Simple SSL plugin
takes only a minute to do. If you don't use the https you will notice a note secure note there in Chrome.
Click to expand...
EmptyNest said:
I already told you about the https thing. Your host has already installed let's encrypt onyour site. You just now need to install Really Simple SSL plugin
takes only a minute to do. If you don't use the https you will notice a note secure note there in Chrome
Click to expand...
But, don't I also have to update Google Webmaster Tools?
Right now I'm trying to shovel my way out of the house and also get my package prices up to date!
.
Click to expand...
Simple just add a new property and choose https
 
The problem with such vulnerabilities is that they always bring a lot of brute-force attacks and scans of all websites, no matter what version they are using.
So even if you updated at the correct time - the servers are still getting hit by a lot of incoming requests, so that causes another range of issues.
I wish they would wait at least 2 weeks before revealing such vulnerabilities... Oh well...
 

Latest posts

Back
Top