An ongoing “backdoor attack” is trying to compromise as many WordPress sites as possible.
If your website is running on WordPress right now, you need to find all potential loopholes and lock it up. There has been an ongoing hacking campaign targeting WordPress sites in recent times. The campaign tries to exploit known technical loopholes in WordPress plugins to inject malicious codes into the victim sites, which causes the sites’ visitors to be redirected to potentially harmful content like malware droppers and fraud sites. The hackers have a way of hiding their tracks in an attempt to avoid detection by web application firewall and other anti-malware applications.
In a report posted by Wordfence , it was revealed that the malicious code injected into compromised websites looks to create rogue admin user accounts on the victim’s site. One of such accounts was identified as wpservices with the email wpservices@yandex.com and the password w0rdpr3ss, with this user in place, the attacker is free to install further backdoors or perform other malicious activity. Some of the plugins targeted have been identified as follows:
- Coming Soon Page & Maintenance Mode
- Bold Page Builder
- Blog Designer
- Live Chat with Facebook Messenger
- Yuzo Related Posts
- Visual CSS Style Editor
- WP Live Chat Support
- Form Lightbox
- Hybrid Composer
How can you protect your website?
The takeaway from all these is that the popularity of WordPress application is also its weakness. You have to always be on high alert and assume that your website is the subject of constant automated hacking attempts. With the current number of WordPress plugins at 55,170, they represent a major security headache for site owners. According to a report from Imperva, 98% of WordPress vulnerabilities are related to plugins.
Check your WordPress dashboard regularly for needed updates and ensure your WordPress, themes, and plugins are up to date, and if possible, configure your site to update itself automatically. Be sure to delete any unused themes or plugins in order to reduce the opportunity for hackers to gain access to your site. Even though unused plugins and themes are disabled, they can still be exploited by hackers.
Make sure your theme files are locked by default to protect against unwanted editing. Do not use the default admin username and default admin page (URL) for the administrator. Instead, create a user and admin page with a different username and url.
Finally, Make regular backups of your WordPress site. Backups will not prevent a site from being compromised but they do help get a site back online quickly in case of compromise. It is also recommended you use Wordfence or Cerber Security plugins to harden your WordPress security.
