{"id":198262,"date":"2017-02-10T16:15:43","date_gmt":"2017-02-10T14:15:43","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=198262"},"modified":"2017-02-10T16:20:26","modified_gmt":"2017-02-10T14:20:26","slug":"massive-attack-on-wordpress-sites","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/198262-massive-attack-on-wordpress-sites.html","title":{"rendered":"Massive attack on WordPress sites"},"content":{"rendered":"<p>Attacks on WordPress sites which contain the REST API flaw have increased significantly, with 1.5 million pages defaced.<\/p>\n<p>The WordPress REST API vulnerability allows a remote attacker to craft an HTTP request that pings a REST API endpoint and alters titles and content on the user&#8217;s website.<\/p>\n<p>Exploiting the flaw is trivial\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-67-000-websites-defaced-via-recently-patched-wordpress-bug\/\" target=\"_blank\"><strong>and according to Sucuri<\/strong><\/a>, a few public exploits have been published online since last week.<\/p>\n<p>\u201cEven if the vulnerability affects only WordPress 4.7.0 and 4.7.1 and the CMS has a built-in auto-update feature for security issues, many websites haven&#8217;t been updated,\u201d said Sucuri.<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/attacks-on-wordpress-sites-intensify-as-hackers-deface-over-1-5-million-pages\/\" target=\"_blank\"><strong>Web security firm WordFence said<\/strong><\/a>\u00a0the latest number of compromised pages stands at 1.5 million &#8211; with 20 hacking groups involved in a defacement turf war.<\/p>\n<p>To protect a WordPress site against the attacks, update it to the most recent version (v4.7.2).<\/p>\n<h3 class=\"my-4\">Now read:\u00a0<a href=\"https:\/\/mybroadband.co.za\/news\/software\/188770-wordpress-security-flaw-put-millions-of-websites-at-risk.html\">WordPress security flaw put millions of websites at risk<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Attacks on WordPress sites which contain the REST API flaw have increased significantly, with 1.5 million pages defaced.<\/p>\n","protected":false},"author":23,"featured_media":141744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[41266,32820,9647],"class_list":["post-198262","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-rest-api","tag-sucuri","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/198262"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=198262"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/198262\/revisions"}],"predecessor-version":[{"id":198290,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/198262\/revisions\/198290"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/141744"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=198262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=198262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=198262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}