Hackers have breached several servers belonging to WordPress.com to steal source code, the founder of the popular blogging platform revealed yesterday.
In a blog post, Matt Mullenweg said WordPress.com's parent company, Automattic, sustained a root-level infiltration to servers containing code belonging to WordPress.com and a number of its partners.
"We presume our source code was exposed and copied," he wrote. "While much of our code is open source, there are sensitive bits of our and partners' code. Beyond that, however, it appears information disclosed was limited."
He said the company was analysing the scope of the attack and securing vulnerable entryways that may have facilitated it.
WordPress.com has been targeted before. In March, it succumbed to its largest-ever distributed denial-of-service attack, which impacted the millions of blogs it hosts. Last year, its websites were targeted by fake anti-virus products, known as scareware.
Mullenweg advised WordPress users to use strong passwords, and make them unique for different sites.
"Our investigation into this matter is ongoing and will take time to complete," he wrote.
[An earlier version of this story was corrected to note the distinction between WordPress.com, the hosted blogging service, and WordPress, the trademark for self-hosted WordPress blogs, which were not impacted by this breach.]
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
