Friendly forums for passionate Dems!
More than 92 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Help & Search»Computer Help and Support»If you have a WordPress W...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Computer Help and Support

Related: About this forum

TygrBright

(20,987 posts) Mon Feb 6, 2017, 01:39 PM Feb 2017

If you have a WordPress Website, PLEASE NOTE: FIX THIS ASAP

>cross-posting in Web & Developers<

The recent 4.7.1 release of WordPress software contained a large hole enabling privilege updating and content injection.

They quietly fixed it with the 4.7.2 release-- 'quietly' because it's so big and so easily-exploitable a hole that anyone with the older version is extremely vulnerable and they were hoping to get as many people updated as possible before doing a public "my bad" that would alert crackers to the fun and easy exploit possibilities.

And, sure enough, as soon as the word got out, thousands of sites that hadn't updated were targeted with varying levels of nastiness.

So please, if you have a WordPress site, check to see you are running 4.7.2, and if you find you have the older version, first check to see if you've been hacked: the clue is usually replacement titles on your posts, sometimes they are also redirect links so DO NOT CLICK on any weird-looking titles. Go to WordPress help forums and find this handy guide: https://codex.wordpress.org/FAQ_My_site_was_hacked

Work it through, and then restore from an older content backup, if you have to.

If you haven't been hacked, update to 4.7.2 immediately and thank your lucky stars.

helpfully,
Bright

InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 2 replies, 1532 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (1) ReplyReply to this post
2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
If you have a WordPress Website, PLEASE NOTE: FIX THIS ASAP (Original Post) TygrBright Feb 2017 OP
Thanks for the warning! My site had already updated but it's good to check anyway. csziggy Feb 2017 #1
Welcome to 4.7.3 Sentath Mar 2017 #2

csziggy

(34,189 posts)
1. Thanks for the warning! My site had already updated but it's good to check anyway.
Reply to TygrBright (Original post)
Tue Feb 7, 2017, 12:55 AM
Feb 2017

Some time ago I set my WordPress blog to automatically update. It sends me notices when it does so I can check on updates for the plugins.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»Help & Search»Computer Help and Support»If you have a WordPress W...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.