Oh dear. Automattic has been hit by some hackers :( This isn’t good news for WordPress.com users. Matt has announced on the WordPress blog that there has been a low-level root break-in and that anything on the server could have been revealed.
The guys at Automattic are working hard to determine what information has been stolen as well as resecuring the server.
From Matt on the WordPress.com blog:
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.
As it stands, they do not have any specific advice to users beyond the usual considerations:
- Use a strong password with letters, numbers and punctuation
- Use different passwords for different sites
- If you have the same passwords on different sites, make them more secure.
If you are concerned about this issue, Matt has been fielding questions in the comments to his announcement, so head over there to raise any issues.
He did tell one user that users’ passwords are hashed with phpass. At the minute they don’t believe that passwords have been stolen, but if they were, they would be very hard to crack.
Although Automattic are playing down the problem, TechCrunch have reported that all VIP WordPress.com members are on red alert. They have also reported that the hackers may have gained access to API keys, and Twitter and Facebook passwords stored on the server. This means that all VIP members are in the process of changing all of their passwords.
Thanks for the heads up, Siobhan.
Security has always been a key reason Matt and the team give, for using wordpress.com, rather than go self-hosted.
This just proves that no one is safe, but at least if you are self-hosted, you know the reality of what’s happening and what has been compromised.
Nice post … Nice Info