In January 2017, a group of 5 Supervillains hacked 1.5 million WordPress pages in a 24 hours period. Completely fixing the vulnerability in WordPress REST API took the WordPress team the following 2 months. In the 6 months following this stunning attack, copycat hackers hacked an additional 2.5 million WordPress pages.

All of these attacks uploaded files to the server and manipulated the database records. This is a full website security breach. The WordPress core team was understandably very quiet and diligent about fixing this…vulnerability. They softly called it an important update and security vulnerability.

WP v4.7.1 to 4.7.5 were all security fixes. Our security team calls it like it is, the largest widespread website hack in history.