Lightning Rank - Private Blog Network

  • Home
  • Done 4 You PBN Service
  • Other Services
    • Amazon Associate Audit
    • Editorial Links
    • Buy Expired Domains
  • Contact
    • Affiliates

WordPress v3.3.2 Automatic Update Security Threat Discovered

November 20, 2015 By Jon Gillham Leave a Comment

A security threat has been found in the automatic update feature of WordPress with net-security.org alleging that over 1’000+ WordPress powered websites have been affected thus far due to the vulnerability. Affected sites are said to redirect the visitor to affiliate, malware, pay-per-click re-directors, and low quality PPC search result aggregators.

The security vulnerability was discovered by Denis Sinegubko, the founder of the helpful Unmask Parasites website.

Sometimes I see how webmasters misinterpret the importance of upgrades for WordPress security. They expect that if they upgrade a hacked blog, it will immediately become clean and secure. Unfortunately it doesn’t work this way. Upgrades can only clean core WordPress files, leaving backdoors, infected themes, plugins and database records intact. That’s why it is important to clean up your site before the upgrade.

Moreover, a few days ago I came across a new massive infection (more than 1,000 currently known infected blogs) that hijacks the “Automatic Update” feature and makes it the event that triggers blog re-infection.

This attack began just before the WordPress 3.3.2 release, and many blogs now actively use the “Automatic Update” option to upgrade their blogs to this new version. For some of them, the upgrades come with a malicious extra.

Read more about this Denis’s findings relating to this security threat on unmaskedparasites.com

Filed Under: Wordpress News Tagged With: automatic update, hacked, security, wordpress security, wordpress security threat discover

Leave a Reply Cancel reply

You must be logged in to post a comment.

Recent Posts

  • What It takes to get to #1 in Google
  • Private Blog Network Building Service in 2016 – Is It Still Worth The Risk?
  • UpThemes Scale Back On Theme Options Within Their WordPress Themes
  • Create A WordPress Login Form Shortcode For Your Blog
  • WooThemes Back Online After Malicious Hack & Further DDoS Attack

Our Team

Jon Gillham

Father, Husband and mechanical engineer. Jon has the easy job he builds and tests systems that Kelley, Hmd and their teams execute!
Ahmed Ali

Ahmed is the man that makes sure everything runs smoothly. A true jack of all trades he makes sure each site is built to our high standards!

Copyright © 2023 . Experts at Harnessing the Power of Expired Domains to Help You Outrank Your Competition