A security flaw leads to forced updates for over one million WordPress users
A WordPress plugin was recently exposed to a security flaw that left users’ websites vulnerable to attack. In order to stop the issue from getting out of hand, WordPress issued forced updates on third-party websites to prevent hackers from exploiting the bug.
The plugin, Loginizer, is a suite by Softaculous that adds many security features to your website, including brute force protection. This protection gives hackers a limited number of unsuccessful login attempts before it blocks them from logging in at all. Brute force hackers try to get into your website by spamming usernames and/or passwords until they get them correct, and Loginizer prevents this. The free verion of the plugin is used by over one million WordPress users.
After a recent update to Loginizer, researcher Slavo Mihajloski discovered the feature could be bypassed using special usernames.
After learning of the issue, Loginizer and WordPress worked together to give updates for users who were exposed to the flaw. Fortunately for many, they were able to resolve many cases quickly without any trouble.
Mihajiloski, who discovered the bug, questioned WordPress’s transparency related to security issues, saying, ”There isn’t any statement or document about who, how and when decides about and performs automatic updates.”
He brings up a good point. Even with their intention to solve a security issue, the situation raises questions regarding the rights of WordPress to update third-party websites without permission. The update they gave involved changing code, and this could be a major breach of rights.
Issues like these are reminders of the inherent vulnerabilities on the internet. Many website owners forget their websites hold valuable information, and having strong security is essential.
Loginizer is now updated and secure. If you have it installed on your website, it’s recommended you update to version 1.6.4.
Facebook removed Trump ad with misleading information On Oct. 27th, Facebook removed an ad endorsed by...
The online discussion board is the latest platform to shut down for good in 2020 On December 15th 2020, Y...
Five preventative measures to protect your brand from memetic media One thing that makes communicatio...