WordPress sites flaw causes millions of defacement attacks

Posted on: Mon, 13/02/2017

WordPress software has come under attack in the last week due to a security flaw in its software code. 

The flaw resides in the WordPress REST API, causing two new vulnerabilities: Remote privilege escalation and Content injection bugs. The vulnerability allows a remote attacker to alter titles and content on a user's website. 

Hackers have had a field day defacing WordPress sites across the world, with estimates suggesting 2-million pages on around 40 000 blog sits have already been affected.

Sites that have been attacked include Linux distributor Suse's news.opensuse.org, the US Department of Energy-supported jcesr.org, the Utah Office of Tourism's travel.utah.gov, and many more. 

What to do

Owners of WordPress sites are urged to download update 4.7.2 immediately to protect their CMS areas from vulnerability.

The update can be downloaded from https://wordpress.org/download/

Realnet websites

Realnet rarely use WordPress for our websites, partially due to these regular security issues (see our Open Source vs Proprietary CMS article). WordPress is an open source platform, so it's far easier for security issues to be found by hackers. We do occasionally use WordPress Blogs, and all the WordPress sites we host have already been updated. If you have any concerns please contact us.

WordPress sites flaw causes millions of defacement attacks
enlarge image

Subscribe to our Newsletter

* indicates required

Where to start?

If you're not sure where to start, Realnet's completely free website and digital marketing review will point you in the right direction. Our experts conduct a comprehensive analysis of a number of aspects of your website and marketing strategies and will provide you with a free report highlighting areas which are causing you to lose business and make suggestions for improvements that will have a measurable positive impact.


Realnet Ltd

  • The Studio
  • High Green
  • Great Shelford
  • Cambridge
  • Cambridgeshire
  • CB22 5EG
  • United Kingdom

Working Hours

Monday 09:00 - 17:00
Tuesday 09:00 - 17:00
Wednesday 09:00 - 17:00
Thursday 09:00 - 17:00
Friday 09:00 - 17:00
Saturday Closed - except emergency support
Sunday Closed - except emergency support