According to WordPress, over 60 million people have chosen the software to power their websites. An ongoing “backdoor attack” is trying to compromise as many of them as possible. Here’s what you need to know.
What do WordPress website owners need to know?
A website hacking campaign, that has been ongoing since July, has morphed from redirecting browsers to sites containing dodgy adverts or malicious software into something that is potentially even more problematical. Mikey Veenstra, a researcher with the Defiant Threat Intelligence team, said that “the campaign has added another script which attempts to install a backdoor into the target site by exploiting an administrator’s session.”
“This AJAX call creates a user named wpservices with the email firstname.lastname@example.org and the password w0rdpr3ss,” Veenstra said, “with this user in place, the attacker is free to install further backdoors or perform other malicious activity.”
How are the attackers getting access to your website?
As is often the case where WordPress site compromise is concerned, the threat actors behind the current attack campaign leverage vulnerabilities in third-party WordPress plugins. The official WordPress website states that there are some 55,133 plugins available at the moment. According to an Imperva report looking at web application vulnerabilities, only 3% of these were newly added during 2018. This means that there are a lot of old plugins out there, and likely still in use, which haven’t been updated for a while. Given that in the report Imperva revealed “98% of WordPress vulnerabilities are related to plugins,” the extent of the problem is easy enough to grasp.
To read the original article: