Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...
The Next Web

Authy releases a WordPress plugin enabling two-factor authentication to better protect against hacking

Authy, the Y Combinator-funded service that aims to better protect data online with two-factor authentication, has released a WordPress plugin so that publishers will feel secure about their blogs. In ...
TechCrunch

Authy Brings Two-Factor Authentication To Self-Hosted WordPress Sites (Updated)

If you run your own WordPress site, chances are you are using a pretty secure password to keep hackers from posting random stories to your blog. Still, even the best password isn’t as good as using ...
Observer

WordPress Update Could Make Life Easier for 20 Percent of the Internet

Matt Mullenweg, WordPress creator. (Photo: Eric Piermont/AFP/Getty Images) Nearly 20 percent of all sites on the Internet are powered by Wordpress (including this one), the open-source content ...
Bleeping Computer

Hackers exploit auth bypass in Service Finder WordPress theme

Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Administrator privileges in ...
ZDNet

WordPress iOS app leaked authentication tokens

Automattic, the company behind the WordPress.com blogging platform, said it fixed a bug in its official iOS application that might have exposed users' account authentication tokens to third-party ...