WordPress.com Compromised: Hackers Gain Root Access
Hackers compromised multiple servers that support WordPress and have most likely copied some source code. The news recently came from the founding developer of Automattic, which is the parent company of WordPress. Founder of WordPress, Matt Mullenweg wrote that Automattic has reviewed log records to determine how much information was exposed and mentioned that the company was re-evaluating avenues to gain access.
The founder continued to say, “We presume our source code was exposed and copied…While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”
Mullenweg wasn’t able to offer any advice for WP users except to use strong passwords and not to use the same password for multiple websites. In response to a user asking if WordPress stores passwords in plain text or stores hashes of passwords, Mullenweg stated that WordPress uses PHP password hashing framework. Automattic claimed that this intrusion followed the company’s worst DDOS (distributed denial-of-service) attack, which occurred last month. The company confidently stated that they are doing their best to prevent a similar occurrence from happening again.