WordPress backup and security service had a security breach; hackers installing malware on hacked sites.
Or Contact us via the chat channel on any page of the BlogVault website or on the BlogVault dashboard.
If you have questions about the security issue we’re currently facing, please click on the button above, for some of the common queries our customers have had.
If your question isn’t here, please do get in touch with us. We’re here to help.
I’m Akshat, the founder of BlogVault. Here at BlogVault we have been committed to providing highly secure backups.
Unfortunately, I am reaching out to let you know that some of the data on our systems may have been exposed. We are investigating the issue, and will ensure to keep you updated as and when we have more details.
Meanwhile, we have undertaken a list of precautionary measures and we’re sharing what we already know with our entire customer base.
What We Are Doing to Secure Your Website
Due to the breach, some of our customers’ websites were accessed without authorization. After further investigation we found out that these sites had been injected with malware. We have taken immediate action and we are extensively scanning all those identified sites. We are also conducting granular analyses of our
Worth reading. This is an update on the hack attack that BlogVault guys suffered earlier on this year. The best part of it is that no data has been breached. Well done to the BlogVault guys for being transparent.
On February 6, I had written a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigations. This post outlines its results. No Data Breached
In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.
We have ensured to cover every aspect of our system in our investigations, which involved inspecting the logs for our system as well as that of affected and unaffected sites. We also reviewed the attack payload with great detail.
BlogVault Plugin Vulnerability Fixed in Version 1.45
On Feb 4, we learned that we were using ‘unserialize’ PHP function on unverified data in BlogVault plugin versions 1.40 to version 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.
However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.
Since then, we have thoroughly
Some insights on how Open Source helps with WordPress security.
WordPress is an Open Source CMS, meaning both: vulnerabilities AND their patches are all visible to the WordPress community. So how does this make WordPress secure? If you studied in a more orthodox school, you might have dreaded tests, (at least I did.)
So when I first heard of the concept of Open Book tests, I thought it was a joke. I had a very similar reaction to what I learned about WordPress’ transparent security model, because I couldn’t even begin to understand how declaring weaknesses could be good for security.
But despite my opinions of what security should work like, WordPress is not only one of the most secure CMSes in the world, it’s also the most popular. How does the platform manage this feat?
WordPress is the most popular CMS in the world
Security through transparency
A concept that most Open Source CMSes use, security through transparency means that every vulnerability, (and its patch) is disclosed to the community using the CMS.
News about an attack not only alerts users of vulnerabilities, it also lets hackers know exactly what is vulnerable and how. The situation can be compared to a pharmacist seeing your prescription and having an idea of the