WordPress.com Server Security Breach

Automattic, the parent company behind WordPress.com, announced late today that hackers managed to breach security and break into many of the servers that it owns, putting all information and the company at risk.

Automattic founder Matt Mullenweg said that the server breach was a low-level root access breach. Matt also said that the company is working overtime to comb the data logs and figure out what was stolen from the servers. Automattic is quickly working to patch any security holes that would be susceptible to this attack in the future.

Automattic wants to make clear that it is very unlikely personally identifiable information was compromised in the attack today, but the company has yet to complete its full investigation.

On the company's blog, Matt Mullenweg had this to say: “We presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”

If you are a WordPress.com account holder, please keep in mind these fundamentals that Matt has to offer:

  • Use a strong password, meaning something random with numbers and punctuation.
  • Use different passwords for different sites.
  • If you have used the same password on different sites, switch it to something more secure.

This isn’t the first breach of security that WordPress.com has had. Back in 2009, WordPress was the subject of a large, high-profile attack that exploited the blogging software to create hidden administrator accounts. This breach is much different from the 2009 exploit. If you are on a self-hosted WordPress website you are not affected, but the company still wants to encourage users to use a strong and different password for each website.