Web Hosting Forum - Net Hosting Talk

We are a community of individuals and businesses passionate about web hosting. Let's build, learn, and grow together.

Security Alert !: Organized attack on WordPress sites through plugins

Hello Members,

A group of hackers is exploiting vulnerabilities in more than ten WordPress plugins , creating fake administrator accounts on WordPress sites across the network.

The attacks are an escalation of a hacking campaign that began a month ago .

In previous attacks, hackers attacked vulnerabilities in the same plugins in order to inject malicious code into hacked sites.

The purpose of this code was to show pop-up ads or redirect visitors to other websites .

However, two weeks ago, the same group of hackers behind these attacks changed tactics and modified the code injected into the compromised sites.

Instead of simply inserting ads or redirects, the code also executed a function with which to test if the site visitor could create user accounts on the site, come on, if the user had a WordPress administrator profile.

Simply, the code waited for the administrator to access their websites, and when it did, the code created a new administrator account called wpservices.

When creating these accounts, the group of hackers after this campaign changed tactics to, in this way, exploit the sites to obtain economic income , and incidentally add backdoors to use them in the future for other purposes.

These attacks exploit vulnerabilities of the following plugins:

In the list of plugins you have the link to their respective vulnerability, so you can check which version you have to update to be safe, if you use any of them.

Once you update the plugins , check the list of users if there is a rare administrator, such as the one I have placed above, or any other that should not be there. If you find any, delete it without mercy.

And if you have more problems, such as injected code or strange behaviors, hire a professional to clean your installation and don't make any more excuses to have a professional WordPress maintenance service that avoids these problems in the future.