WordPress Plugin Flaw Results in Forced Updates

Holden Harris . Nov 20, 2020

Security Flaws

A security flaw leads to forced updates for over one million WordPress users

 

A WordPress plugin was recently exposed to security flaw that left users websites vulnerable to attack. In order to stop the issue from getting out of hand, WordPress issued forced updates on third-party websites to prevent hackers from exploiting the bug.  

The plugin, Loginizer, is a suite by Softaculous that adds many security features to your website, including brute force protectionThis protection gives hackers a limited number of unsuccessful login attempts before it blocks them from logging in at all. Brute force hackers try to get into your website by spamming usernames and/or passwords until they get them correct, and Loginizer prevents this. The free verion of the plugin is used by over one million WordPress users.  

After a recent update to Loginizer, researcher Slavo Mihajloski discovered the feature could be bypassed using special usernames.  

After learning of the issue, Loginizer and WordPress worked together to give updates for users who were exposed to the flaw. Fortunately for many, they were able to resolve many cases quickly without any trouble.  

Mihajiloski, who discovered the bug, questioned WordPress’s transparency related to security issues, saying, ”There isn’t any statement or document about who, how and when decides about and performs automatic updates.  

He brings up a good pointEven with their intention to solve a security issue, the situation raises questions regarding the rights of WordPress to update third-party websites without permission. The update they gave involved changing code, and this could be a major breach of rights. 

Issues like these are reminders of the inherent vulnerabilities on the internet. Many website owners forget their websites hold valuable information, and having strong security is essential. 

Loginizer is now updated and secure. If you have it installed on your website, it’s recommended you update to version 1.6.4. 

News More

Recommended

Writing note showing Truth In Advertising. Business concept for Practice Honest Advertisement Publicity Propaganda Scribbled and crumbling papers with thick cardboard above wooden table

Misleading Trump Ad Removed Due to New Facebook Restrictions

Facebook removed Trump ad with misleading information   On Oct. 27th, Facebook removed an ad endorsed by...

News , Social , . Nov 26, 2020

LONDON, UK - October 30th 2018: Hand holding a Yahoo logo. Yahoo is an online web service provider

Yahoo Groups to Shut Down Permanently at the End of 2020

The online discussion board is the latest platform to shut down for good in 2020   On December 15th 2020, Y...

News , Social , . Nov 26, 2020

Build your brand

5 Tips to Protect Your Brand from a Memetic Crisis

Five preventative measures to protect your brand from memetic media     One thing that makes communicatio...

More , News , . Nov 26, 2020

Seo Analytics Team It Search Engine Optimization

4 SEO Tools Everyone Should Be Using in 2020

Online tools and plugins every webmaster should have in their arsenal    Looking for the best SEO tools to u...

SEO , News , . Nov 24, 2020