Tim S.
Hi Chris,

Thanks for posting your question. I'm more than happy to answer your questions today. I've read the article and it mentions WordPress specifically. This seems to be a breach of WordPress and not a server. We have not seen an influx in attacks or breached websites on our servers. Since this is a third party application with many different configurations, the responsibility falls on the customer to make sure their software and plugins are up-to-date.

The reported numbers of WordPress sites affected only represent a small number of WordPress websites globally. There's over 60 million websites currently running WordPress with 200,000 suffering from this attack. That only accounts for 0.33% of the WordPress sites around the globe.

Also, the article never mentions the methodology that the attackers use to inject the code into WordPress. There's any number of scenarios that this could occur. Since the attack is specific to WordPress, it's highly doubtful that there was any breach in server security.

I've also been monitoring the WordPress website for any news releases or patches. I run a current WordPress site myself and have not seen any patches. Since WordPress is open-source typically, when a security hole is found, it is patched immediately and all WordPress websites will be notified of a patch to the software.

I'm also active daily in the WordPress community helping other developers. I've not seen any threads in the WordPress forums about a mass injection to WordPress sites. In the past, when there has been a security threat to WordPress, you'll see a lot of new threads being created about it.

Our systems administrators monitor all of our servers for threats 24 hours a day 7 days a week. Anytime we any activity that may potentially be threatening is found we do everything we can to mitigate the attacks immediately.

I hope this helps clarify the article a bit more for you. If you have further questions or concerns please feel free to contact us.


Tim S