via pluginvulnerabilities.com => original post link
A week ago, we highlighted a key detail of a recent hacking of the news outlet Fast Company, which other news outlets covering it were failing to discuss. That being that the hacker of Fast Company’s WordPress website claimed they gained access because the website’s Administrator account had the password “pizza123”. That is an important detail as it provides a reminder that a basic security practice, using strong passwords in that case, clearly isn’t always being done. That isn’t a lone example, as what we often see in our working with hacked websites, as well in coverage of other hacking incidents, is that many of these hacks involve failures to do the basics.
The security industry though continues to push more complicated security solutions before focusing on making sure that the basic are being done. As we will touch on in a few moments, that can actually create serious security risks that wouldn’t otherwise exist. [Read more]