A security flaw in the WordPress blogging software has let hackers attack and deface tens of thousands of sites.

Even after the company's effort to protect its customers, thousands of admins did not bother to update their websites, which are still vulnerable to the critical bug and has already been exploited by hackers.

While WordPress incorporates a default feature that consequently updates unpatched sites, some admins disabled this component for first testing and after that applying patches.

The vulnerability resided in Wordpress REST API that would lead to the creation of new flaws, allowing an unauthenticated attacker to delete pages or modify all pages on unpatched websites and redirect their visitors to malicious exploits and a large number of attacks.

Even though WordPress tried to hide this secret for one week, the number of attacks against the REST API flaw grew in numbers, and it became clear for Sucuri and WordFence that attackers had discovered how to exploit the flaw on sites that were left without an update, although nobody expected this sharp rise in hacked pages in such a short time.

Google also warned WordPress website owners registered in the Google Search Console. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners, but some emails reached WordPress 4.7.2 owners, some of which misinterpreted the email and panicked, fearing their site might lose search engine ranking.

That’s why you need to select a company that provides you with custom-made websites created using the latest programming languages and technologies. 

Interested in having Softimpact design, develop and launch your own Website? Give us a call: +961 1 890888 or check out our website to know more about our responsive web design & development services: http://softimpact.net/services/1/web-design-development