Just a reminder really, if you use Wordpress, update often, and if you were hosting on GoDaddy, change your password, like yesterday. (Just your little security industry update channel.)
True, WordPress is a goldmine for bug bounty hunters.
Follow the Exploit DB and search for WordPress to stay up to date with the latest exploits & vulnerabilities: https://www.exploit-db.com/
I’ve seen a lot of cases where people install a crazy amount of plugins on their WP site and they’re afraid to update them, or update the WP Core, as they think it will break things. It’s pretty easy to roll back a troublesome plugin to an earlier version, so it’s not much of an excuse to avoid regular updates.
Mostly just the GoDaddy hosting users, not a WP problem per se, although I am aware it’s not an easy-to-secure tool.
Here is another useful website:
https://www.cvedetails.com
Today I received a mail that my gravatar account was breached.
Gravatar.com let me automatically add a picture and some other information based on my email address. E.g. my first profile picture on the club was from gravatar.com.
When I tried to change my password, I was directed to WordPress.com. On that website I successfully changed my password for gravatar.com and wordpress.com.
If I had hosted my website on wordpress.com, then my website could have been taken over.
Thanks for the info!
Oh damn, I better try to fix my Gravatar password. It’s been my most awesome thing because on every site I sign up for and use the same username, it just “gravatars” me automatically, which is so cool. A wonder they don’t make us pay for that.
I forgot to mention that I got my email from https://haveibeenpwned.com, where I entered all my email addresses.
Additional Security for WP: two factor and 1Password
The only password you should remember! <3
User: admin
Password: admin
Leave the default admin login
That was a breach from 2020, and was just names and emails – no passwords were compromised.
You are right that the Gravatar password was not retrieved.
My excuses to the community for a too hasty post.
Panic everywhere XD
No worries, we are all human!
I had to check, because gravatar uses your email mailbox itself, an unusual security arrangement. I love it when simple “identity” actually works.