09 Sep WordPress Sites Attacked in Their Millions
Millions of WordPress sites are being probed in automated attacks looking to exploit a recently discovered plugin vulnerability, according to security researchers.
Wordfence, which itself produces a plugin for the platform, revealed news of the zero-day bug at the start of September. It affects File Manager which, as the name suggests, is a plugin that helps users to manage files on their WordPress sites.
The plugin is installed on around 700,000 WordPress sites, and although Wordfence estimates that only around 37%, or 262,0000, are still running a vulnerable version, this hasn’t stopped attackers from trying their luck against a much larger number of users.
“Attacks against this vulnerability have risen dramatically over the last few days. Wordfence has recorded attacks against over one million sites today, September 4, 2020. Sites not using this plugin are still being probed by bots looking to identify and exploit vulnerable versions of the File Manager plugin, and we have recorded attacks against 1.7 million sites since the vulnerability was first exploited,” explained Wordfence’s Ram Gall.
“Although Wordfence protects well over three million WordPress sites, this is still only a portion of the WordPress ecosystem. As such, the true scale of these attacks is larger than what we were able to record.”
The vulnerability itself could allow a remote, unauthenticated user to execute commands and upload malicious files on a target site. Gall therefore urged users to patch the issue promptly by installing the latest version of the plug, v6.9.
“If you are not actively using the plugin, uninstall it completely,” he added. “Due to the breadth of file management functionality this plugin provides a user within the wp-admin dashboard, we recommend uninstalling the plugin when it is not actively being used.”
We’re Netcom, how can we help?
At Netcom, we are well-versed in helping companies in various sectors navigate the often mystifying, jargon-filled worlds of IT. With over 15 years’ experience and covering virtually all aspects of business IT, we can help guide your business through this uncertain period and help you deploy cutting edge solutions that will not only help you weather the current storm but keep your business at the top of its game beyond the pandemic.
For guidance on IT strategy, cybersecurity and digital transformation why not book a free, no-obligation discovery call today by calling 0114 361 0062.
News Source: https://www.infosecurity-magazine.com/