Is Your WordPress Site Vulnerable To Hackers?
Critical vulnerabilities in plugins may put your WordPress site at risk of being breached by cybercriminals. Do you know how to address these potential vulnerabilities?
Researchers at NinTechNet have reported a series of attacks against WordPress-hosted websites. Sites using certain newer plug-ins may be vulnerable because of zero-day bugs in those plug-ins.
If you use WordPress to host your website, it’s important for you to understand what the affected plug-ins are, and how you can address any potential vulnerabilities.
Which Plug-Ins Are Vulnerable?
Does your website use any of these plug-ins?
- Flexible Checkout Fields for WooCommerce (20,000 active installations)
- Async JavaScript (100,000+ installations)
- 10Web Map Builder for Google Maps (20,000+ installations)
- Modern Events Calendar Lite (40,000+ installations)
“This attack campaign exploits XSS vulnerabilities in the above plugins to inject malicious JavaScript that can create rogue WordPress administrators and install malicious plugins that include backdoors,” explained Defiant threat analyst Mikey Veenstra. “It is important that site administrators using these plugins urgently take steps to mitigate these attacks.”
How Can You Tell If You’ve Been Breached?
Keep an eye out for the following red flags:
- The appearance of new admin accounts that you didn’t create
- The appearance of new plugins on the plugins list that you didn’t install
- Suspicious files (with extensions “.php” or “.zip”) appearing in your /wp-content/uploads/ directory
- Checkout fields rearranged, functioning incorrectly, or the appearance of new fields that you didn’t add
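The two file-system red flags above can be checked from a shell. The script below is an added example, not part of the original article; the WordPress root path and the baseline file of known-good plugin names (one per line, recorded while the site was clean) are assumptions.

```sh
#!/bin/sh
# Added example: file-system checks for two of the red flags listed above.
# The install path and the baseline file are assumptions, not article values.

# Print every .php or .zip file under wp-content/uploads, one per line.
# The match is case-insensitive so names like "shell.PHP" are not missed.
scan_uploads() {
    wp_root=$1
    [ -d "$wp_root/wp-content/uploads" ] || return 2
    find "$wp_root/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.zip' \) | sort
}

# Print entries in wp-content/plugins that are absent from the baseline file.
# index.php is the stock placeholder WordPress ships and is skipped.
unexpected_plugins() {
    wp_root=$1
    baseline=$2
    [ -d "$wp_root/wp-content/plugins" ] || return 2
    for entry in "$wp_root"/wp-content/plugins/*; do
        [ -e "$entry" ] || continue          # empty directory: glob unmatched
        slug=$(basename "$entry")
        [ "$slug" = "index.php" ] && continue
        # -F fixed string, -x whole line: "woo" must not match "woocommerce"
        grep -Fxq -- "$slug" "$baseline" || printf '%s\n' "$slug"
    done
}

# Run as: sh audit.sh /var/www/html baseline.txt   (both paths are examples)
if [ "$#" -ge 2 ]; then
    echo "PHP/ZIP files in uploads:"
    scan_uploads "$1"
    echo "Plugins not in baseline:"
    unexpected_plugins "$1" "$2"
fi
```

New administrator accounts are stored in the database rather than on disk; with WP-CLI installed, `wp user list --role=administrator` lists them for comparison against the accounts you created.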
What Can You Do To Protect Yourself?
The bottom line with these vulnerabilities (and cybersecurity in general) is that you need to stay up to date.
One of the most common ways cybercriminals get into a network is through loopholes in popular software, applications, and programs. Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Because of this, much of the software you rely on to get work done every day could have flaws, or “vulnerabilities,” that attackers can exploit to breach your security.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users. This is why it’s imperative that you keep your applications and systems up to date.
Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process. Comprehensive and regular patch management is a crucial part of proper IT security.
In order to maintain a secure IT environment, you either have to ensure your staff is staying on top of all incoming updates or, better yet, work with a reliable IT company like Kraft Technology Group to take care of it for you. Otherwise, your outdated software is essentially a ticking time bomb, putting your business at greater risk with each day that passes.