At the end of January 2017, WordPress released version 4.7.2 to fix multiple security vulnerabilities. Not long after that, active exploits against these vulnerabilities were detected. Attackers left messages like “by NG689Skw” or “by w4l3XzY3” on the victims’ websites. Here’s a screenshot: You can see that the attacker became “ADMIN” of the WordPress site, and that remote code … Continue reading “WordPress Vulnerabilities Are Being Actively Exploited”