This post was not real. It was an attempt at humor, as bad as it may seem. The post has been removed, and we understand the concerns. We truly apologize for misleading anyone. There is no vulnerability with WordPress 3.x. WordPress and its development team take serious all security considerations and do a great job of ensuring the WordPress security posture, we were not trying to undermine their hard work.
This is to be taken about as serious as most things on April 1st. Sorry for any inconvenience!
If you have any questions, please contact us at support@sucuri.net
Alycia Mitchell
Tony Perez
Peter Gramantik
Lee Howarth
Marc-Alexandre Montpas
14 comments
april fool? There is no wp-att.php in WordPress installtion 😉
Today is “April 1”!
I thought April Fools jokes were meant to be funny?
http://www.google.com/search?q=inurl%3A%22wp-att.php%22
fake :p
Not funny, guys.
The reason this isn’t funny is that the average WordPress user doesn’t know enough about code security to see that you’re joking, and we’ll spend the day telling people that no, this was not a real security issue, after they freak out because someone told them they read a security warning on a trusted site. Tack on an extra day to the development cycle of 3.2, folks.
Not exactly the best april’s fool joke, this could seriously backlash
Great to see you guys get into the holiday spirit, unfortunately it’s a little like yelling fire in a movie theatre.
It’s too easy to call this attempt at an Aprils Fools joke bad taste & blatant attempt to gather attention.
No rather, this is an astounding level of irresponsibility by a purported security company. How do you expect customers to take you seriously after this?
If I were you, I’d consider redacting this and posting a followup.
Once I saw the “carefully planned backdoor” comment I knew it was bogus and started to laugh. But then I thought of all my clients who would miss the joke. So funny for me, unfunny for the other 99% of the population who knows nothing about the internal workings of WP. Just a good reminder that everyone should take everything they hear on April 1 with a grain of salt. (The disclaimer should help soothe any lasting issues, too.)
A classic April Fools joke would be more obviously a joke. The problem was that this doesn’t read like a joke to an uninformed person.
In other words, it’s too subtle. Next time be more obvious about it.
People! it’s April Fools Day!! They are not the only security company having fun today.
http://nakedsecurity.sophos.com/2011/04/01/apple-ipad-vulnerable-to-data-loss-through-substrate-hack/
https://threatpost.com/en_us/blogs/experts-justin-bieber-virus-spottedbut-sputtering-040111
http://blog.metasploit.com/2011/04/happy-april-fools-day.html
Comments are closed.