WordPress suffers root level hack

WordPress source code may be in the hands of the bad guys, after the blogging service saw its servers hacked.

WordPress.com was on the wrong end of a root level attack this week, although the fallout could have been significantly worse than it was, according to a security expert.

Hackers gained root level access to servers at WordPress' parent company Automattic, meaning "potentially anything on those servers could have been revealed," WordPress founder Matt Mullenweg admitted on a blog.

He presumed the WordPress source code had been copied by the hackers, but said it appeared that "information disclosed was limited."

Mullenweg said there was no evidence user passwords had been taken.

Despite the serious implications of the compromise, one security expert claimed the aftermath could have been much worse for WordPress.

"Although the hackers would have been able to download much of the source code on the servers, possibly including custom-developed code of premium clients of the company, WordPress appears to have followed best practice and encrypted the password files, as well as private information such as credit card details," said Phil Lieberman, president of identity management specialist Lieberman Software.

"Media reports over the last day or so have played up the hack as if it is the end of the world for the blogging industry, when it plainly isn't. By encrypting user credentials and associated data, WordPress has followed the advice of the IT security professionals," he added.

WordPress was hit by another attack just last month, when a huge Distributed Denial of Service (DDoS) strike caused "sporadic slowness" on the site.

"This time around, it looks as though the company has taken a sensible approach to security and reasoned that, even if hackers get through its external defences, as has clearly happened, they can limit the damage that has been done," Lieberman added.

"Other high-profile organisations should take notice [of] this planned defensive strategy."
