On This Page: [hide]
900,000 WordPress websites have been under malicious attacks. Its main goal is to manipulate the sites and redirect the visitors to malvertising pages. Backdoor viruses target administrative users. The Wordfence team reports on the attacks.
According to the research team, most of these attacks are likely caused by a single hacking group. It will redirect users to a hacker-controlled page. The programming language of choice is JavaScript. It uses the administrator’s session to deliver a backdoor. The implanted location is the theme header of the installation.
How are the attacks against 1 million WordPress sites possible?
Similar infections are being carried against WordPress sites. Hacker actions take advantage of unpatched plugins and extensions.
Hackers exploited these security flaws according to the Wordfence team:
1. Vulnerable versions of the Easy2Map plugin. In August 2019 thee WorPress team removed it from the WP repository. According to our information this is one of the most targeted extensions.
2. An XSS vulnerability in Blog Designer, patched in 2019. More than 1,000 installations remain unpatched.
3. An vulnerability in the WP GDPR Compliance plugin, patched in 2018
4. A vulnerability in Total Donations which would allow attackers to change the site’s home URL. Envato Marketplace removed it in early 2019. We estimate that less than 1,000 total installations remain.
How to protect your WordPress site
The number of sites under attack reaches almost 1 million. It is possible that your installation is either compromised or at risk.
To improve your safety, make sure that all your plugins are updated. You can also delete removed plugins from the WordPress plugin repository. We recommend using a Web Application Firewall to protect against any unpatched vulnerabilities. HowToHosting.Guide is always monitoring hacking attacks, so keep an eye on our site.
Also read Top 5 Best WordPress Security Plugins to Protect Your Website (2020)