Millions of blog owners approximately the worlds are being advised to believe their password security, after WordPress.com was hacked.
To its credit, Automatic – the company behind the WordPress.com blogging platform – didn’t shred its words or attempt to be relevant any spin to the incident, explanation it had suffered a “low-level (root) break-in to several of [its] servers, and potentially no matter which on those servers could have been revealed.”
Automatic’s Matt Mullenweg wrote:
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.
Word Press’s gurus carry on examining the security breach, and saying they have taken steps to stop it happening again.
Its value pointing out that the security incident only potentially affect blogs posted on WordPress.com, not sites which have determined to self-host their own Word Press blog using the software from WordPress.org.
So, awaiting we know more, I think it would be sensible for all WordPress.com users to go after the advice – and consider if they are using a secure password. Better safe than sorry, after all.
Here’s how you change your WordPress.com password, if you think it might not be secure.
1) Go to Users / Personal settings
Word Press personal settings
2) Choose a strong, unique password.