WordPress quickly corrected his mistake, однако владельцы десятков тысяч сайтов не приняли его помощи.
For WordPress The last week was a nightmare. As it turned out in the version 4.7.1 A critical vulnerability has been discovered, which attackers took advantage of with pleasure. The scale of the problems could be less, if not for one small at first glance nuance.
But let's start from the beginning. so here, WordPress version 4.7.1 (and how 4.7) It turned out to be full of holes. Vulnerability was in the REST API interface, which gives you access to all data from the admin panel. In other words, an attacker could spoof content on the page, without any authorization.
In late January, it has been published, version 4.7.2 which was eliminated this problem. In spite of this, - as reported WPzen site - tens of thousands of sites are still vulnerable. Why? Because their administrators to manually disable automatic updates and version 4.7.2. have not received. Most often in fear for, that the next update, It could be worse, or something "spoil".
Claims to WordPress for providing leaky updates and automatic activation of the REST API, fully justified. However, just as much responsibility for the massive attacks are the owners of sites, to disable automatic updates. Much better (in the interest sites) it would be the most common backup. In this case, return the site to its former condition could be at any time.
