Web Alert: WordPress Sites Are Being Attacked With a Plugin Bug

Millions of WordPress sites were probed and attacked last week, the firm behind the Wordfence web firewall said on Friday.

The attacks occurred after hackers discovered and started exploiting a zero-day vulnerability in File Manager, a popular WordPress plugin installed on more than 800,000 WordPress sites throughout the world.

The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload malicious files to a website running an older version of the File Manager plugin.

It is unclear how hackers discovered the zero-day, but earlier this week they began probing for sites where this plugin might be installed.

If a probe was successful, the attackers would exploit the zero-day and upload a web shell disguised inside an image file on the victim’s server. The attackers would then access the web shell and take over the victim’s site, ensnaring it inside a botnet.
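
A defender can look for the pattern described above, a web shell disguised inside an image file, by scanning the site's upload directories. The following is an added example, not code from Wordfence or from the File Manager plugin; the function names are hypothetical and the sample files are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Magic bytes for the image types a WordPress uploads directory normally holds.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# A PHP open tag: "<?php" or the short echo tag "<?=".
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def inspect_image(path):
    """Return the reasons a file with an image extension looks suspicious."""
    data = Path(path).read_bytes()
    reasons = []
    if not data.startswith(IMAGE_MAGIC[Path(path).suffix.lower()]):
        reasons.append("magic bytes do not match extension")
    if PHP_TAG.search(data):
        reasons.append("contains PHP open tag")
    return reasons

def scan_tree(root):
    """Walk root and map each suspicious image path to its reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_MAGIC:
            reasons = inspect_image(path)
            if reasons:
                findings[str(path)] = reasons
    return findings

def demo():
    """Scan three constructed sample files written to a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,         # clean image header
            "logo.png": b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>",  # PHP after a valid header
            "banner.jpg": b"<?php echo 1; ?>",                       # not an image at all
        }
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return {Path(p).name: r for p, r in scan_tree(root).items()}
```

Point `scan_tree` at the site's upload and plugin directories; a hit on the short `<?=` tag inside a large binary can be a coincidence, so review each finding by hand.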

Attacks against this vulnerability have risen dramatically over the last few days, said Ram Gall, Threat Analyst at Defiant.

The attacks started slowly but intensified throughout the week, with Defiant recording attacks against over one million WordPress sites on Friday, September 4, 2020 alone.

In total, Gall says Defiant blocked attacks against more than 1.7 million sites since September 1, when the attacks were first discovered.

The 1.7 million figure is more than half of the number of WordPress sites using the Wordfence web firewall.

Gall believes the true scale of the attacks is even larger, as WordPress is installed on hundreds of millions of sites, all of which are probably being gradually probed and hacked.

The good news is that the File Manager developer team created and released a patch for the zero-day on the same day it learned about the attacks. Some site owners have installed the patch, but, as usual, others are lagging behind.

It is this slowness in patching that recently drove the WordPress developer team to add an auto-update feature for WordPress themes and plugins, starting with WordPress 5.5, released last month.

If you are a site owner, it is very important to set all of your plugins and themes to auto-update every time a new update is available, so that your site is always running the latest version of each theme and plugin and stays safe from attacks.

The security company has also advised users to uninstall the plugin completely if they are not actively using it.

“As a general rule, we recommend that you always have your firewall optimized. When zero day vulnerabilities like this are attacked, having an optimized firewall gives you a much better chance of preventing successful exploitation,” Gall said.

Nairablink (https://nairablink.com)