api.wordpress.org: a potential single point of failure

Wordfence has posted an important article revealing how WordPress’ automatic update system is vulnerable to compromise. It’s thick reading, but well worth understanding.

Automatic updates are “on” by default in all installations of WordPress.

Hacking 27% of the Web via WordPress Auto-Update