Wordpress Vulnerability

Caporegime
Joined
25 Jul 2005
Posts
28,851
Location
Canada
http://www.bbc.co.uk/news/technology-38930428

I just saw the article about the major Wordpress vulnerability and it seems my site was affected. One of the most recent posts was hijacked and replaced with a Viagra spam post. I've restored the original post back (and obviously updated Wordpress) but was wondering what else I should be checking, as neither the news article or Wordpress update overview mentioned anything.

Is the exploit an SQL injection, and in which case should all account passwords etc be changed? Should I be looking for bad plugins etc?

Also an FYI for those with Wordpress sites that haven't been updated in the last week or two.
 
I keep my stuff up to date, usually updating every week or two. Unfortunately this was only patched on the 29th and I updated on the 10th. The post was modified on the 6th! There is no way to auto update anything is there?
 
Hmm. Interesting. It's not something I would usually turn off so mine obviously wasn't on by default. I'll have a look and see if I can make it update by default. Thanks.

Edit: there isn't anything in settings, looks like I'm going to need to edit the php file to allow updates.
 
Back
Top Bottom