WordPress forces Jetpack security update on five million websites


WordPress developers installed a security update for the Jetpack plugin on five million websites, even though these sites had disabled the automatic installation of updates. Jetpack is a plugin used to back up and restore sites, block spam, scan for malware, monitor uptime and downtime, protect against brute-force attacks, and enable two-factor authentication.


More than five million WordPress sites use it. The plugin was developed by Automattic, the company behind WordPress.com. A vulnerability in the plugin was recently reported and has now been fixed. The developers fear that, now that the patch is available, attackers will find and exploit the underlying vulnerability.


In collaboration with the WordPress.org Security Team, it was decided to force the rollout of the security update. Since WordPress version 3.7, WordPress.org has had the ability to force-install plugin security updates. Last year, a WordPress developer mentioned that this option has been used many times.


However, not everyone is happy with the mandatory update. For example, several users are complaining on Twitter. "These kinds of updates pose a danger where a system can make arbitrary changes to a site without the user's consent. This is especially dangerous in the hands of a bad actor, or an unwitting system that does something with good intentions but with terrible results," says internet company NOC.


