A recently discovered backdoor with brute-forcing capabilities that are used against Joomla- and WordPress-managed blogs has shown, once again, the importance of keeping your content management system updated and secured.
Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection.
US-CERT has issued an alert regarding the ongoing massive brute-force attacks against WordPress sites, warning users and administrators to keep their installations up to date and to change the username and password for their WordPress accounts, especially if they have kept the default "admin" username and use an easy-to-guess, commonly used password.
WordPress users can finally secure their account(s) with two-step authentication.
WordPress 3.5.1, now available for download, is a maintenance and security release for all previous versions that fixes 37 bugs.