Millions of WordPress Sites Are Being Probed And Attacked With Recent Plugin Bug
According to Wikipedia, WordPress is a free and open-source content management system written in PHP and paired with a MariaDB or MySQL database. It was founded by Matt Mullenweg and Mike Little as a fork of b2/cafelog, and was released on May 29, 2003.
It comes with features such as a plugin architecture and a template system, referred to within WordPress as a theme. It was initially created as a blog publishing system but has evolved to support other types of web content, including mailing lists and forums, membership sites, online stores, media galleries and learning management systems.
As of April 2019, the platform is used by millions of websites, including 33.6% of the top 10 million sites, making it one of the most popular content management system solutions.
Millions Of WordPress Sites Are Being Probed And Attacked With Recent Plugin Bug
According to ZDNet, millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence firewall, said on Friday.
The sudden wave of attacks began after hackers discovered and started exploiting a zero-day vulnerability in File Manager, a popular WordPress plugin installed on over 700,000 websites. The zero-day is an unauthenticated file upload vulnerability: it lets an attacker upload malicious files to any website running an older version of the File Manager plugin without logging in.
It is still unclear how the hackers discovered the zero-day, but since earlier this week they have been probing for sites on which the plugin might be installed.
When a probe is successful, the attackers exploit the zero-day to upload a web shell disguised as an image file onto the victim's server. They then access the web shell, take control of the victim's site and ensnare it in a botnet.
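The attack pattern described above, a web shell carried in a file with an image extension under the uploads directory, is something a site owner can check for directly. The following is an added example written for this article, not code from the article, from Wordfence or from the File Manager plugin: a standalone PHP 8 script that walks an uploads tree, keeps only files whose extension claims an image, and flags any whose bytes contain a PHP open tag, regardless of whether a genuine image header precedes it. The directory layout and the two sample files it creates under the system temp directory are constructed for the demonstration; the "polyglot" it plants is a harmless `echo`.

```php
<?php
// Added example (not from the article): find files under an uploads directory that carry
// an image extension but contain PHP code. All paths and sample files below are constructed.
declare(strict_types=1);

const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'bmp', 'ico', 'svg'];

// Leading magic bytes of common image formats, used only to report whether the
// suspicious file also starts like a real image (a polyglot) or is PHP outright.
const IMAGE_MAGIC = [
    "\xFF\xD8\xFF"      => 'jpeg',
    "\x89PNG\r\n\x1A\n" => 'png',
    'GIF87a'            => 'gif',
    'GIF89a'            => 'gif',
    'RIFF'              => 'webp',
    'BM'                => 'bmp',
];

function looksLikePhp(string $bytes): bool
{
    // Matches "<?php", the short echo tag "<?=", and a bare "<?" followed by whitespace.
    // "<?xml" (legitimate in SVG files) does not match.
    return (bool) preg_match('/<\?(php\b|=|\s)/i', $bytes);
}

function detectImageFormat(string $bytes): ?string
{
    foreach (IMAGE_MAGIC as $magic => $format) {
        if (str_starts_with($bytes, $magic)) {
            return $format;
        }
    }
    return null;
}

/** Return one finding per image-named file whose contents contain a PHP open tag. */
function findDisguisedPhp(string $uploadsDir): array
{
    $findings = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($uploadsDir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        if (!$file->isFile()) {
            continue;
        }
        if (!in_array(strtolower($file->getExtension()), IMAGE_EXTENSIONS, true)) {
            continue;
        }
        $bytes = file_get_contents($file->getPathname());
        if ($bytes === false || !looksLikePhp($bytes)) {
            continue;
        }
        $findings[] = [
            'path'   => $file->getPathname(),
            'header' => detectImageFormat($bytes) ?? 'none',
            'size'   => strlen($bytes),
        ];
    }
    return $findings;
}

// Constructed demo tree: one clean PNG, one JPEG header followed by PHP, one non-image file.
$dir = sys_get_temp_dir() . '/uploads-demo-' . bin2hex(random_bytes(4));
mkdir("$dir/2020/09", 0700, true);
file_put_contents("$dir/2020/09/photo.png", "\x89PNG\r\n\x1A\n" . str_repeat("\0", 64));
file_put_contents("$dir/2020/09/logo.jpg", "\xFF\xD8\xFF\xE0" . '<?php echo "constructed sample"; ?>');
file_put_contents("$dir/2020/09/note.txt", '<?php echo 1;'); // not an image extension, ignored

foreach (findDisguisedPhp($dir) as $finding) {
    printf("SUSPECT %s (image header: %s, %d bytes)\n",
        $finding['path'], $finding['header'], $finding['size']);
}

// Remove the constructed tree again.
foreach (["$dir/2020/09/photo.png", "$dir/2020/09/logo.jpg", "$dir/2020/09/note.txt"] as $f) {
    unlink($f);
}
rmdir("$dir/2020/09"); rmdir("$dir/2020"); rmdir($dir);
```

Run it against a real site by calling `findDisguisedPhp()` on the actual `wp-content/uploads` path instead of the constructed tree; a hit is worth investigating, not deleting blindly, because the file's modification time and the access log entries around it show how and when it arrived. The scan is a complement to, not a replacement for, configuring the web server so that nothing under the uploads directory is executed as PHP.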
Ram Gall's Statement on the Website Probing Attacks
Ram Gall, threat analyst at Defiant, says "attacks against this vulnerability have risen dramatically over the last few days."
The attacks began slowly but intensified through the week, with Defiant recording attacks against one million WordPress sites on 4 September. Ram Gall says Defiant has blocked attacks against over 1.7 million websites since 1 September, when the attack was first discovered.
The 1.7 million figure is more than half of the number of WordPress sites using the Wordfence web firewall. Gall believes the true scale of the attacks is much larger, since WordPress is installed on millions of sites, all of which are probably being probed and hacked gradually.
What’s The Solution?
The good news is that the File Manager developer team created and released a patch for the zero-day on the same day it learned about the attack.
The slowness with which patches like this one get applied is what drove the WordPress development team to add an auto-update feature for WordPress themes and plugins. Beginning with WordPress 5.5, released last month, site owners can configure plugins and themes to update themselves automatically whenever a new version is released, ensuring their sites are always running the latest version of a plugin or theme and staying safe from attackers.
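The per-plugin switch mentioned above lives in the Plugins screen of the dashboard. For a site that must not depend on someone remembering to click it, the same opt-in can be forced in code. The following is an added example, not code from the article or from WordPress itself: a must-use plugin (a file dropped into `wp-content/mu-plugins/`, which WordPress loads unconditionally and which cannot be deactivated from the dashboard) that turns on automatic updates for every plugin and theme through WordPress's own `auto_update_plugin` and `auto_update_theme` filters, while holding back a short, site-specific list of plugins that an operator wants to stage by hand. The hold-back list and its entry are an assumption for the example.

```php
<?php
/**
 * Plugin Name: Force plugin and theme auto-updates (added example, not part of WordPress)
 * Description: Opts every plugin and theme into WordPress 5.5 automatic updates,
 *              except for a site-specific hold-back list.
 */

// Assumption for the example: plugins whose updates this site wants to test first.
// The plugin basename is "<folder>/<main-file>.php", as shown on the Plugins screen.
const EXAMPLE_HOLD_BACK_PLUGINS = [
    'example-payment-gateway/example-payment-gateway.php', // hypothetical entry
];

/**
 * Filter callback for 'auto_update_plugin'. $update is WordPress's current decision
 * (bool, or null when the core is only asking whether something forces the update),
 * $item is the update object for the plugin; $item->plugin is its basename.
 */
function example_force_plugin_auto_updates($update, $item)
{
    if (isset($item->plugin) && in_array($item->plugin, EXAMPLE_HOLD_BACK_PLUGINS, true)) {
        // Leave the held-back plugin on manual updates; the dashboard still shows the
        // pending version, so it is not forgotten, just not applied unattended.
        return false;
    }
    return true;
}
add_filter('auto_update_plugin', 'example_force_plugin_auto_updates', 10, 2);

// Themes: no exceptions on this site, so WordPress's built-in "always true" callback suffices.
add_filter('auto_update_theme', '__return_true');
```

Both filters are evaluated by the same background updater that already handles core security releases, so nothing else has to be scheduled; the trade-off is that a broken plugin release reaches the site unattended, which is exactly what the hold-back list is for. The example returns `true` rather than `$update` for everything not held back, so it overrides a per-plugin "disable" set in the dashboard; a site that wants the dashboard toggle to win for unlisted plugins should return `$update` there instead.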