I just received an email from Wordfence that I thought would be good to share with you. It contains information on WP Super Cache and W3 Total Cache. If you use either of these plugins, please pay close attention.

Dear WordPress Publisher, If you would like to stop receiving WordPress security alerts and product updates from Wordfence, you can click here.  You subscribed to this list via the Wordfence security plugin for WordPress. A security hole that allows anyone to execute any command on your WordPress server has been discovered in the WP Super Cache and W3 Total Cache plugins. WHAT TO DO: Upgrade to the newest version of both these plugins immediately  The security holes have been fixed by the developers. The impact of these security holes can’t be overstated. They allow anyone to bypass all security and gain complete access to your WordPress site. The exploit was posted by a user on the WordPress forums. The plugin authors have now updated their code to fix this issue. The security hole allows an attacker to post PHP code embedded in comments and that code will be executed by your server. This effectively gives them unlimited access to all parts of your site and database. There have been roughly 6 million downloads of both plugins combined, so they are very popular and this hole is likely to have spawned large scale automated attacks that take advantage of it. If you run either of these plugins, it’s likely that your system may already have been compromised. Please upgrade both plugins and then run a full Wordfence scan to verify your system integrity. Regards, Mark Maunder Wordfence Creator & Feedjit Inc. CEO. PS: If you aren’t already a member you can subscribe to our WordPress Security and Product Updates mailing list here. You’re welcome to republish this email in part or in full provided you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.

This morning there was a hacker(s) trying to login into many different websites by trying to guess at the passwords associated with the accounts. As such, it triggered some servers to “shut down” the sites for a bit early this morning. It appears that everyone is up and running just fine at this point, as you can see because you’re reading this site. If you are on my hosting site, New Blog Hosting, I can tell you that our host has our sites back up and running and is actively checking to ensure that everything is secure.

To give you an idea of what happened this morning, my hosting site’s firewall stopped 6 million password attempts in a 5 minute period. One of my personal sites, this site, Design Junky, was hit 1 million times with no successful attempts to crack my password. This is unfortunately not new in the Internet world. This is something that happens every single day. So, what do you do to ensure that if they hit your site 1 million times like they hit mine that they do not get into the account? You change your password, often, and to something difficult to guess or hack.

Here are some great articles on password protecting yourself and your sites. Please take a look at it and protect your site from these hackers in the future. If you have any problems today, please let me know.

http://askwpgirl.com/how-to-avoid-botnet-hack/

http://churchm.ag/strong-password/

http://churchm.ag/increase-password-security/

http://churchm.ag/500-worst-passwords-print/ (just for fun)

I’ve been trying for years to find the perfect To Do List or notes, etc. to no avail. So, this last year, I started making my own. Mine tend to be very simple as I am the only one needing them, but after some thought, I realized that I could jazz them up a bit and sell them like everyone else is. After all, I figured if I had been looking all this time and hadn’t found something I like yet, someone else has to be looking as well.

So, head on over and check out my new Etsy shop! I will be posting more things to it soon.

http://www.etsy.com/shop/DesignJunkyTX