WordPress 4.0.1 Security Release

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WannaCry Ransomware v0.2 National KE-CIRT-CC Report

In May 2017, a cyber offensive, targeting a variety of organizations and institutions worldwide, disseminated WannaCry ransomware. The ransom note, written in different languages, demanded US$300-600 from the victims to decrypt their files. Infection cases were detected in multiple countries worldwide, including the UK, where several medical institutions were hit, Russia, where governmental offices were affected, Spain, Germany, China, and many others.

ISIS sympathizers exploiting WordPress plugins to hack websites, FBI warns

The Federal Bureau of Investigation warned Tuesday that attackers claiming to be sympathetic to the extremist group ISIS are targeting websites that have vulnerable WordPress plugins.

The content management system has a thriving community of third-party developers who have created some 37,000 plugins, but occasionally security vulnerabilities in one can put a large number of websites at risk.