The Log4j Vulnerability and Failing to Protect WordPress Websites Against Relevant Threats
Over the last few days, there has been quite a bit of news coverage of a vulnerability in a Java library named Log4j. From the monitoring we do for our service to keep track of discussion of vulnerabilities in WordPress plugins, we have noticed that some people have questions about the impact this has on WordPress websites and WordPress plugins.
WordPress and WordPress plugins are written in PHP, so a vulnerable Java library won’t impact them. That they are not impacted doesn’t mean that hackers won’t try to exploit the vulnerability on WordPress websites, since hackers will try to exploit vulnerabilities without knowing what software underlies a website. (That is one of the reasons that the many WordPress security plugins that try to hide usage of WordPress are not really providing security.) As an example of that, here are some of the attempts that were blocked by our new firewall on this website so far: