Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall, said on Friday.
The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites.
It’s unclear how hackers discovered the zero-day, but earlier this week they began probing for sites where this plugin might be installed.
If a probe was successful, the attackers would exploit the zero-day and upload a web shell disguised inside an image file on the victim’s server. The attackers would then access the web shell and take over the victim’s site, ensnaring it inside a botnet.
Millions of sites have been probed, attacked
“Attacks against this vulnerability have risen dramatically over the last few days,” said Ram Gall, Threat Analyst at Defiant.
The attacks started slowly but intensified throughout the week, with Defiant recording attacks against 1 million WordPress sites on Friday, September 4 alone.
In total, Gall says Defiant blocked attacks against more than 1.7 million sites since September 1, when the attacks were first discovered.
The 1.7 million figure is more than half of the number of WordPress sites using the Wordfence web firewall. Gall believes the true scale of the attacks is far larger, as WordPress is installed on hundreds of millions of sites, all of which are probably being gradually probed and hacked.
The good news is that the File Manager developer team created and released a patch for the zero-day on the same day it learned about the attacks. Some site owners have installed the patch, but, as usual, others are lagging behind.
It is this slowness in patching that has recently driven the WordPress developer team to add an auto-update feature for WordPress themes and plugins. Starting with WordPress 5.5, released last month, site owners can configure plugins and themes to update themselves automatically whenever a new release is out, so that their sites are always running the latest version of each theme or plugin and stay protected from attacks on known flaws.
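The auto-update behaviour described above can also be switched on programmatically rather than per plugin in the dashboard. The following is an added example, not code from ZDNet, Defiant or the WordPress project: a must-use plugin that opts every plugin and theme into automatic updates through WordPress's own `auto_update_plugin` and `auto_update_theme` filters, keeps an assumed deny-list of plugins that must be updated by hand, and logs the outcome of each update run. The plugin slug in the deny-list is a placeholder.

```php
<?php
/**
 * Plugin Name: Force Plugin/Theme Auto-Updates (added example)
 * Description: Opts all plugins and themes into WordPress automatic updates so a
 *              site does not lag behind on fixes such as the File Manager patch.
 *              Place this file in wp-content/mu-plugins/ so it cannot be
 *              deactivated from the dashboard.
 */

// Hypothetical deny-list: plugins whose files carry local modifications and
// must therefore be updated manually. The slug below is a placeholder.
const EXAMPLE_MANUAL_UPDATE_PLUGINS = array( 'example-customised-plugin' );

// The auto_update_plugin filter receives ( $update, $item ); returning true opts
// the item in. $item->slug is the plugin's directory name.
add_filter( 'auto_update_plugin', function ( $update, $item ) {
    if ( isset( $item->slug ) && in_array( $item->slug, EXAMPLE_MANUAL_UPDATE_PLUGINS, true ) ) {
        return false; // leave these to a human reviewer
    }
    return true;
}, 10, 2 );

// Themes get the same treatment, with no exceptions.
add_filter( 'auto_update_theme', '__return_true' );

// automatic_updates_complete fires once per updater run with the results keyed
// by type; write one line per plugin/theme to the PHP error log so that failed
// updates are visible to whoever watches the logs.
add_action( 'automatic_updates_complete', function ( $results ) {
    foreach ( array( 'plugin', 'theme' ) as $type ) {
        if ( empty( $results[ $type ] ) ) {
            continue;
        }
        foreach ( $results[ $type ] as $result ) {
            $name   = $result->name ?? ( $result->item->slug ?? 'unknown' );
            $failed = empty( $result->result ) || is_wp_error( $result->result );
            error_log( sprintf( '[auto-update] %s %s: %s', $type, $name, $failed ? 'FAILED' : 'ok' ) );
        }
    }
} );
```

Automatic updates only run if WP-Cron is being triggered and the `AUTOMATIC_UPDATER_DISABLED` constant is not set, so confirm both on the host before relying on this.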
Originally posted on www.zdnet.com on September 6, 2020.