In the same week that WordPress announced that the blogging platform powers 14.7 percent of the top million websites worldwide, WordPress also sent out an email to users asking them to change their passwords, amid a lapse in security.
The email pointed to a security fix for a mistake that had caused some WordPress.com user passwords to be stored in a less-than-secure way:
“We recently found and fixed a mistake that we’d like to tell you about. Passwords on WordPress.com are saved in a way that makes them extremely secure, such that even our own employees are unable to see your actual password – the one you enter to login to your WordPress.com account.
However, between July 2007 and April 2008, and September 2010 and July 2011, a mistake in one of our systems used to find and correct bugs on WordPress.com accidentally logged some users’ passwords in a less secure format during registration.”
Stating clearly that there was “no evidence that this data was accessed maliciously or misused”, the email asked users to update their WordPress passwords.
To apologise, WordPress included a coupon code for all users, to use on a custom domain, a design upgrade, VideoPress or for additional storage space.
WordPress, as it stands, is used by over 50 million people, either through downloads of the popular blogging software, or through the hosted WordPress.org service. WordPress 3.2, the latest version of the software, has been downloaded over 5.3 million times.
However, WordPress has been the center of controversy surrounding vulnerabilities in its software. Exploits are regularly fixed, with hosted WordPress blogs updating automatically.
On Friday, it was discovered that a WordPress exploit was used to attack a U.S. defense contractor. Over a gigabyte of emails and ‘schematics’ belonging to an unmanned drone manufacturer were stolen by the hacktivist group Anonymous.
A spokesperson for parent company Automattic confirmed the email as genuine, but declined to comment further.