WordPress suffers root level hack

WordPress source code may be in the hands of the bad guys, after the blogging service saw its servers hacked.


WordPress.com was on the wrong end of a root level attack this week, although the fallout could have been significantly worse than it was, according to a security expert.

Hackers gained root level access to servers at WordPress' parent company Automattic, meaning "potentially anything on those servers could have been revealed," WordPress founder Matt Mullenweg admitted on a blog.

Advertisement - Article continues below

He presumed the WordPress source code was copied by hackers, but it appeared "information disclosed was limited."

Mullenweg said there was no evidence user passwords had been taken.

Despite the serious implications of the compromise, one security expert claimed the aftermath could have been much worse for WordPress.

"Although the hackers would have been able to download much of the source code on the servers, possibly including custom-developed code of premium clients of the company, WordPress appears to have followed best practice and encrypted the password files, as well as private information such as credit card details," said Phil Lieberman, president of identity management specialist Lieberman Software.

"Media reports over the last day or so have played up the hack as if it is the end of the world for the blogging industry, when it plainly isn't. By encrypting user credentials and associated data, WordPress has followed the advice of the IT security professionals," he added.

Advertisement - Article continues below
Advertisement - Article continues below

WordPress was hit by another hack attack just last month, when a huge Distributed Denial of Service (DDoS) strike caused "sporadic slowness" on the site.

"This time around, it looks as though the company has taken a sensible approach to security and reasoned that, even if hackers get through its external defences, as has clearly happened, they can limit the damage that has been done," Lieberman added.

"Other high-profile organisations should take notice [of] this planned defensive strategy."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020