Re: [bitfolk] Security incident: Wordpress compromise

Author: Gavin Westwood
Date:  
To: users
Subject: Re: [bitfolk] Security incident: Wordpress compromise
On 04/10/2015 09:51, Andy Smith wrote:
> On 2nd October a customer's compromised Wordpress install was used
> to attempt brute-force logins on another remote site's Wordpress.
> This drew an abuse report which is how the original compromise was
> discovered.
>
> It's not known at this stage how the customer's Wordpress was
> compromised. The site has been disabled.


Was the Wordpress install up-to-date?

While it could have been a weak password or a plugin, it's worth knowing
whether it could just be because they had an old version with a security
vulnerability, or whether there might be a currently unknown security
bug in the latest version.

Thanks

Gavin