A plugin bug has recently led to automated attacks on millions of WordPress websites. According to security researchers the mass exploitation of numerous sites happened because of the plugin vulnerability. The culprit file manager plugin was installed by more than 700,000 sites. Through this WordPress plugin the hacker was able to upload a web shell that was disguised inside an image file on the target’s server.
It is estimated that about 37% of WordPress websites are still using a vulnerable version of this plugin. Despite the news of probing and attacking, a lot of users are still trying their luck with this plugin. On September 4, 2020 it was reported that about one million sites were probed. This does not imply that the WordPress users who are not using this are secure from malicious attacks. Even other websites are constantly being probed by bots in order to find a vulnerable version of the plugin.
This vulnerability initiates a remote authorization to the hacker and enables them to execute unauthenticated commands. Users worldwide are being urged to completely uninstall the plugin if it is not being used actively. The file management functionality that this plugin enjoys can lead to direct access to the wp-admin dashboard. The same can have fatal consequences for the wordpress website.
Safety Protocols for Vulnerable WordPress Websites
This zero day flaw in the file manager plugin is continuing to affect more websites. Wordfence, the WordPress security firm, has confirmed that it has blocked over 450,000 exploitation attempts in the past few days. The makers of the WordPress file manager plugin have issued a new version which has eliminated the security threat. The concern still continues as a lot of websites are still running the older version.
For users whose websites have been compromised, it is advised to re-install WordPress. The re-install will clean-up any damaged or infected core files. They are also advised to change the database passwords. To be on the safer side all users with administrative rights should also change their passwords. These actions can secure the website for users will ensure the safety of their website.