4 Oct
2015
4 Oct
'15
4:28 p.m.
On 04/10/2015 09:51, Andy Smith wrote:
On 2nd October a customer's compromised Wordpress
install was used
to attempt brute-force logins on another remote site's Wordpress.
This drew an abuse report which is how the original compromise was
discovered.
It's not known at this stage how the customer's Wordpress was
compromised. The site has been disabled.
Was the Wordpress install up-to-date?
While it could have been a weak password or a plugin, it's worth knowing
whether it could just be because they had an old version with a security
vulnerability, or whether there might be a currently unknown security
bug in the latest version.
Thanks
Gavin