Web sites having CMS version less than WordPress 4.7.2 defaced at large. WordPress 4.7.2 included a fix for an undisclosed critical vulnerability. As per WordPress security team, if website administrators running self-hosted popular cms version will not upgrade cms version they may fall victim to this vulnerability.
This vulnerability allows hackers to modify the content of any post.
There are a number of groups who are running campaign’s collectively deface WordPress websites. Below are four groups that have been identified uptill now behind defacement campaigns
You can easily google by these groups name and follow what are the sites they have currently defaced or can see the stats on http://www.zone-h.org/.
WordPress has an auto-update feature enabled by default, along with an easy 1-click manual update process. However many users is not aware of this or many users avoid upgrading to latest version by default.
We strongly recommend, WordPress administrator to keep their website updated with latest security updates and patches.
You can download the updated version of WordPress from below link