HomeNewsWordPress Websites Are Constantly Under Attack

WordPress Websites Are Constantly Under Attack

-

Last Updated on 22/11/2021 by Sunaina

WordPress sites have recently been subjected to a slew of cyber-threats. The consensus is that WordPress isn’t having a good time, whether it’s because of site takeovers or plugin vulnerabilities.

Last week, a wave of assaults targeted 300 WordPress sites, showing false encryption alerts and demanding 0.1 Bitcoin in ransom. Furthermore, by including a countdown timer, these ransom demands create a sense of urgency and terror. This appears to be a typical ransomware attack.

The websites were not encrypted, according to the researchers. The threat actors simply changed the settings of a plugin called Directorist to display a ransom letter and a countdown. As a result, this is a bogus ransomware assault.

One of the most well-known Content Management Systems (CMS) is WordPress. This, on the other hand, suggests that it is a top target for cybercriminals attempting to infect websites. The attackers used brute-force or stolen credentials purchased on the dark web to log in as admins on the sites. These attacks do not appear to be isolated; rather, they appear to be part of a larger effort, implying that they may have purchased credentials on underground markets.

An authorised user might utilise a severe security hole in WP Reset Pro, a WordPress plugin, to wipe the entire database of a website. More than a million websites were open to exploitation due to flaws in OptinMonster, an email marketing WordPress plugin. If left unpatched, the issues might allow an unauthenticated user to steal personal data and install malicious JavaScript on vulnerable WordPress sites. A high-severity flaw in the Hashthemes Demo Importer WordPress plugin was discovered in October, allowing attackers to reset and delete affected sites.

When utilising popular CMS systems, keep an eye out for upgrades and software patches. Also, be cautious about the plugins you use. The current danger to WordPress websites is not a one-time event, and it is likely to continue in the future. Experts believe that true encryption assaults will occur in the future.

Sunaina
Sunaina
A tech enthusiast, with a mission to report data breaches, fraudulent practices, dark pattern practices, and updates. She is also frequently fascinated by fintech and unicorns.
- Advertisment -

Must Read

This is how Russia is being punished for the war

0
The developer of the popular "node-ipc" NPM package published a new modified version to denounce Russia's invasion of Ukraine, sparking concerns about open-source and...