WordPress warning as hackers target more than 1.6MILLION sites in massive cyber attack

HACKERS have targeted more than 1.6million WordPress sites in a massive cyber attack.

Cyber security firm Wordfence says its researchers have detected an ongoing wave of attacks that originated from over 16,000 different IP addresses.


The Wordfence Threat Intelligence Team said a surge in attacks had come over the last 36 hours, targeting security bugs in four WordPress plugins and 15 Epsilon Framework themes.

Wordfence claims to have blocked more than 13.7m attacks so far.

The four plugins being targeted are: Kiwi Social Share, WordPress Automatic, Pinterest Automatic and PublishPress Capabilities.

Researchers say the plugins are affected by “Unauthenticated Arbitrary Options update” vulnerabilities, reports Computing.

Hackers are also said to be targeting a “Function Injection” flaw in 15 Epsilon Framework themes to update arbitrary options.


One of the 15 themes currently does not have a patch available.

The targeted Epsilon Framework themes and vulnerable versions are:

Activello <=1.4.1
Allegiant <=1.2.5
Affluent <1.1.0
Shapely <=1.2.8
Antreas <=1.0.6
NewsMag <=2.4.1
Illdy <=2.1.6
Newspaper X <=1.3.1
MedZone Lite <=1.2.5
Pixova Lite <=2.0.6
Brilliance <=1.2.9
Transcend <=1.1.9
Regina Lite <=2.0.5
Bonkers <=1.0.5
NatureMag Lite – No patch available (recommended to uninstall from site)

Wordfence analysts say the hackers are changing the “users_can_register” option to “enabled” and setting the “default_role” option to “administrator” in most cases.

This allows the hackers to register as an administrator on a site and take it over.

The top three offending IPs include:

144.91.111.6 with 430,067 attacks blocked
185.9.156.158 with 277,111 attacks blocked
195.2.76.246 with 274,574 attacks blocked

Website admins are urged to check whether their site has already been compromised by reviewing all users and searching for any unauthorised accounts.

Admins should delete any rogue additions as soon as possible.

They are also advised to review the site’s settings at ‘http://examplesite[.]com/wp-admin/options-general.php’ and make sure the Membership setting and ‘New User Default Role’ are properly set.
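The same review can be run as a read-only database check. This is an added example, not code from Wordfence or the original article: it assumes the default wp_ table prefix and a hypothetical allow-list of known administrators, and it loads constructed sample rows into SQLite so it runs offline (a live site uses MySQL or MariaDB, where "enabled" is stored as 1).

```python
import sqlite3

# Constructed sample rows in the shape of the default WordPress schema.
SAMPLE_SQL = """
CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
INSERT INTO wp_options VALUES ('users_can_register', '1'),
                              ('default_role', 'administrator');
INSERT INTO wp_users VALUES (1, 'siteowner', '2019-03-02 10:00:00'),
                            (2, 'editor_anna', '2020-06-11 08:30:00'),
                            (7, 'wpsvc_x81', '2021-12-09 03:14:07');
INSERT INTO wp_usermeta VALUES
  (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
  (7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
"""

def audit(conn, known_admins, prefix="wp_"):
    """Return (setting findings, administrator accounts not on the allow-list)."""
    opts = dict(conn.execute(
        f"SELECT option_name, option_value FROM {prefix}options "
        "WHERE option_name IN ('users_can_register', 'default_role')"))
    findings = []
    if opts.get("users_can_register") == "1":
        findings.append("users_can_register is enabled")
    if opts.get("default_role", "subscriber") != "subscriber":
        findings.append(f"default_role is '{opts['default_role']}'")
    # Roles live in usermeta as a PHP-serialized array under <prefix>capabilities.
    rows = conn.execute(
        f"SELECT u.user_login, u.user_registered FROM {prefix}users u "
        f"JOIN {prefix}usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = ? AND m.meta_value LIKE ? "
        "ORDER BY u.user_registered",
        (f"{prefix}capabilities", '%"administrator"%')).fetchall()
    unexpected = [(login, reg) for login, reg in rows if login not in known_admins]
    return findings, unexpected

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return audit(conn, known_admins={"siteowner"})

if __name__ == "__main__":
    findings, unexpected = demo()
    for finding in findings:
        print("SETTING:", finding)
    for login, registered in unexpected:
        print("REVIEW ADMIN:", login, "registered", registered)
```

A site that intentionally allows sign-ups will still show the users_can_register finding; the default_role finding and any administrator outside the allow-list are the items to investigate first.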

UPDATE PLUGINS ASAP

In addition, all plugins and themes on WordPress should be updated as soon as possible.

In 2019, Mailgun’s website was attacked by hackers who targeted a WordPress plugin called Yuzo Related Posts.

The cybercriminals added code into sites which redirected visitors to a malicious website.

In the same year, hackers exploited a flaw in the plugin Social Warfare to attack websites.

The criminals injected JavaScript code into the social sharing links present on a website’s posts.

It was discovered in 2017 that a popular WordPress plug-in which had been installed on around 300,000 websites had been compromised with malicious code which opened a back door into the websites.

Attackers also breached the web-hosting firm GoDaddy last month and gained access to the information of nearly 1.2m active and inactive Managed WordPress customers.

The attack allowed the criminal to view customer numbers and email addresses, as well as passwords for the secure file transfer protocol and database, and the database usernames for active customers.
