Automattic, the company behind blogging platform WordPress.com, has suffered an attack that gave hackers complete access to a number of its servers.
WordPress users should take precautions about their passwords, the site's founder Matt Mullenweg said in a blog post on Wednesday. WordPress has nearly 18 million hosted blogs.
"Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed," Mullenweg said, adding that Automattic's source code, which is mainly open source, may have been exposed and copied.
The company uses cryptographic techniques including hashing and salting to make it difficult for hackers to crack WordPress users' password details, Mullenweg said. Nevertheless, people should use strong passwords and make sure not to reuse passwords across different websites, the WordPress founder noted.
The company is investigating the breach and has taken steps to re-secure "avenues used to gain access", he said.
WordPress has been the target of attacks in the past. In March the blogging platform underwent a large-scale denial-of-service attack that affected a number of blogs.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.