
Millions of WordPress Sites Are Being Probed And Attacked With Recent Plugin Bug

According to Wikipedia, WordPress is a free and open-source content management system written in PHP and paired with a MariaDB or MySQL database. It was founded by Matt Mullenweg and Mike Little as a fork of b2/cafelog and was released on May 29, 2003.

It comes with features such as a plugin architecture and a template system, referred to within WordPress as themes. It was initially created as a blog publishing system but has evolved to support other types of web content, including more local mailing lists and forums, membership sites, online stores, media galleries, and learning management systems.

As of April 2019, the platform is used by millions of websites, including 33.6% of the top 10 million sites. It is one of the most popular content management system solutions.


According to ZDNet, millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence firewall, said on Friday.

The sudden attacks began after hackers discovered and started exploiting a zero-day vulnerability in “File Manager”, a popular WordPress plugin installed on over 700,000 websites. The zero-day was an unauthenticated file upload vulnerability that lets an attacker upload malicious files to a website running an older version of the File Manager plugin.

It is still not clear how the hackers discovered the zero-day, but since earlier this week they have been probing for sites where this plugin might be installed.

If a probe was successful, the attackers would exploit the zero-day and upload a web shell disguised within an image file to the victim’s server. The attackers would then access the web shell and take control of the victim’s site, ensnaring it in a botnet.
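A defender's check for the pattern described above, as an added example that is not from the original article or from Defiant: it walks an uploads directory and flags image-named files that contain a PHP open tag or whose leading bytes do not match their extension. The function names, the extension list and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Leading bytes expected for each image extension we check (assumed list).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Match "<?php" only: a bare "<?" also opens XMP metadata ("<?xpacket")
# in legitimate photos and would produce false positives.
PHP_TAG = re.compile(rb"<\?php\s", re.IGNORECASE)


def scan_uploads(root):
    """Return sorted (relative_path, reason) pairs for suspicious image files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue  # only image-named files are in scope here
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            if PHP_TAG.search(data):
                findings.append((rel, "php-tag"))    # script inside an "image"
            elif not data.startswith(MAGIC[ext]):
                findings.append((rel, "bad-magic"))  # extension and content disagree
    return sorted(findings)


def demo():
    """Scan a constructed sample tree; every file below is made up."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe1" + b'<?xpacket begin="" id="x"?>',
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"<?php echo 'placeholder'; ?>",
        "icon.gif": b"plain text, not a GIF",
        "notes.txt": b"<?php ignored: not an image extension",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_uploads(root)


if __name__ == "__main__":
    print(demo())
```

A valid image header followed by a PHP tag, as in the constructed `logo.png`, passes a magic-byte check alone, which is why the content search runs first.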

Ram Gall’s Statements on the Probing Attacks

Ram Gall, threat analyst at Defiant, says, “Attacks against this vulnerability have risen dramatically over the last few days.”

The attacks began slowly but intensified throughout the week, with Defiant recording attacks against one million WordPress sites on 4 September. Gall says Defiant has blocked attacks against over 1.7m websites since September 1st, when the attack was first discovered.

The 1.7m figure is more than half of the number of WordPress sites using the Wordfence web firewall. Gall believes the true scale of the attacks is much larger, as WordPress is installed on millions of sites, all of which are probably being probed and hacked gradually.

What’s The Solution?

The good news is that the “File Manager” developer team created and released a patch for the zero-day on the same day it learned about the attack.

Slowness in patching is what drove the WordPress development team to add an auto-update feature for WordPress themes and plugins, beginning with WordPress 5.5, released last month. Website owners can now configure plugins and themes to update themselves automatically when a new version is out, ensuring their sites are always running the latest version of a plugin or theme and stay safe from attackers.

