WordPress firm Automattic suffers root-level hack

Summary: Hackers gained administrative privileges to a number of Automattic servers, WordPress founder Matt Mullenweg has said

Automattic, the company behind blogging platform WordPress.com, has suffered an attack that gave hackers complete access to a number of its servers.

WordPress users should take precautions about their passwords, the site's founder Matt Mullenweg said in a blog post on Wednesday. WordPress has nearly 18 million hosted blogs.

"Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed," Mullenweg said, adding that Automattic's source code, which is mainly open source, may have been exposed and copied.

The company uses cryptographic techniques including hashing and salting to make it difficult for hackers to crack WordPress users' password details, Mullenweg said. Nevertheless, people should use strong passwords and make sure not to reuse passwords across different websites, the WordPress founder noted.

The company is investigating the breach and has taken steps to re-secure "avenues used to gain access", he said.

WordPress has been the target of attacks in the past. In March the blogging platform underwent a large-scale denial-of-service attack that affected a number of blogs.



Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
