WordPress 3.3.2 was released today, and it contains an important security update to keep your site safe.
Our WordPress one-click installer automatically installs the latest version for new sites. If you’ve previously installed WordPress, you should upgrade it right away from within your WordPress Dashboard. (You should always do that when WordPress tells you there’s a new version available.)
Lots of people (and lots of our customers) use WordPress to run their Web sites. This unfortunately means that lots of “hackers” also try to guess the passwords of those sites.
That’s a problem, so we’ve had WordPress login “rate limiting” in place for a long time. When a single IP address tries loading the WordPress “wp-login.php” script many more times than a human would, we temporarily block that IP address from accessing the “wp-login.php” page until the requests stop for a while.
This works pretty well: we’ve blocked literally millions of password attempts this way. However, last week one of our customers had his site hijacked by someone who did indeed simply guess his WordPress password.
Read the rest of this entry »