Monday, 28 April 2025
26.7 C
Singapore
27.6 C
Thailand
21 C
Indonesia
27.2 C
Philippines

Over a million WordPress sites attacked by a hacker in a month

WordPress users are being asked to make sure that all their plug-ins are up-to-date after a 30-fold increase in attack traffic targeting majorly cross-site scripting vulnerabilities were detected by a researcher.  The surge in this malicious traffic over the last month peaked on May 3, 2020, when over 20 million attacks were attempted against over […]

WordPress users are being asked to make sure that all their plug-ins are up-to-date after a 30-fold increase in attack traffic targeting majorly cross-site scripting vulnerabilities were detected by a researcher. 

The surge in this malicious traffic over the last month peaked on May 3, 2020, when over 20 million attacks were attempted against over 500,000 individual sites, according to Ram Gall from Wordfence.

Over the past month, Wordfence, a security vendor, detected attacks on over 900,000 sites from more than 24,000 IP addresses, all of which appear to be from the same malicious hacker. That is because the attacker is attempting to inject a similar JavaScript payload to insert a backdoor into a victim website and redirect visitors.

The attacks seek to exploit a few cross-site scripting vulnerabilities in the Newspaper theme, Easy2Map plug-in, and the Blog Designer plug-in. It also targeted the WP GDPR Compliance plug-in as well as the Total Donations plug-in.

Gall warned that the hacker behind all this might be able to pivot other vulnerabilities in the future.

The JavaScript used to attack the sites is designed to redirect users who are not logged-in to a malvertising URL. If the users are logged-in, the JavaScript tries to inject a malicious backdoor into a user’s current theme’s header file alongside another JavaScript, aiming to take control of the site. 

“The most important thing you can do in a situation like this is to keep your plug-ins up-to-date and to deactivate and delete any plug-ins that have been removed from the WordPress plug-in repository. The vast majority of these attacks are targeted at vulnerabilities that were patched months or years ago, and in plug-ins that don’t have a large number of users,” Gall advised.

“While we did not see any attacks that would be effective against the latest versions of any currently available plug-ins, running a web application firewall can also help protect your site against any vulnerabilities that might have not yet been patched,” he added.

Hot this week

Rivian adds Cohere CEO to its board, showing confidence in AI direction

Rivian welcomes Cohere CEO Aidan Gomez to its board, marking a big move into AI and advanced tech for future vehicle innovation.

LG reveals a smart monitor on wheels—but it still needs to be plugged in

LG’s new 31.5" Smart Monitor Swing rolls on wheels and runs webOS, but it still needs a power plug and costs around US$740.

WhatsApp adds new Advanced Chat Privacy feature to boost group chat security

WhatsApp's new Advanced Chat Privacy feature helps stop group chat content from being shared or saved outside the app.

Lenovo introduces new ThinkPad mobile workstations and business laptops for the AI-ready workforce

Lenovo refreshes its ThinkPad lineup with new AI-ready mobile workstations and business laptops, enhancing mobility, performance, and security.

Famed AI researcher starts bold new company aiming to replace human jobs

AI expert launches Mechanize, a startup aiming to replace all human jobs with AI, sparking backlash and deep concern across the tech world.

Gitex Asia x Ai Everything Singapore highlights robotics, AI and next-gen tech at inaugural event

Gitex Asia x Ai Everything Singapore highlights robotics, AI, startups, and tech innovations, shaping Southeast Asia’s digital future.

Lenovo introduces new ThinkPad mobile workstations and business laptops for the AI-ready workforce

Lenovo refreshes its ThinkPad lineup with new AI-ready mobile workstations and business laptops, enhancing mobility, performance, and security.

SquareX secures US$20 million to transform browser security

SquareX raises US$20 million to strengthen browser security, offering enterprises an easy way to protect users without disrupting their workflows.

Smart Communications acquires Joisto to strengthen cloud archival capabilities

Smart Communications acquires Joisto to expand cloud-based customer conversation and archival solutions, strengthening its leadership in CCM and IXM.

Related Articles

Popular Categories