Alert: New Hacker Technique Installing Backdoor Plugins on WordPress
The new technique is rather intricate: to compromise a website, attackers must work through several steps, any one of which could cause the attack to fail.
According to reports from the security company Wordfence and several posts on the official WordPress.org forums, the attacks have been ongoing since May 16th. Website owners reported that attackers had gained unauthorized control of their sites.
Operation of the new attack technique
In the first step, attackers take usernames and passwords from publicly known data breaches and use them to log into WordPress.com accounts.
Users who reuse passwords across accounts and have not enabled two-factor authentication are the most likely to have their accounts taken over this way.
For context: WordPress.com accounts are used to manage blogs professionally hosted by Automattic. They are distinct from WordPress.org accounts and from the admin accounts of self-hosted WordPress websites built on the open-source CMS.
The open-source WordPress CMS is maintained by the WordPress community, but Automattic's developers contribute to the project and carry considerable influence, so the two remain closely related. This is why, in recent years, Automattic has taken plugins originally built for WordPress.com and released them as open-source plugins for self-hosted WordPress sites.
Hacker installs backdoor plugins through Jetpack
Jetpack began as an analytics module, has since gained many new features, and is now one of the most popular plugins on WordPress websites.
One of its standout features is the ability to connect self-hosted WordPress sites to WordPress.com, so that the Jetpack dashboard there can manage tens or even thousands of self-hosted sites through the Jetpack plugin installed on each of them.
Jetpack also allows plugins to be installed on those connected websites directly from the Jetpack dashboard on WordPress.com.
These plugins do not have to come from the WordPress.org repository, and they are not vetted there: an attacker can simply upload a malicious ZIP file and push it to each connected website.
According to Wordfence, attackers take over WordPress.com accounts, look for linked self-hosted WordPress websites, and abuse this remote management feature to deploy backdoor plugins on websites that were otherwise secure.
Attacks Occurred for Over a Week
Experts indicate that the attacks began on May 16th, when attackers deployed a plugin named pluginsamonsters; on May 21st they switched to deploying another plugin named wpsmilepack.
The exact number of compromised websites has yet to be determined, and identifying them is proving difficult.
The Wordfence research team stated: "The plugins are displayed on the WordPress.com dashboard but remain invisible in the list of targeted WordPress websites when active."
At present, attackers are using these backdoors to redirect visitors to spam pages and technical support scam pages.
Owners of self-hosted WordPress sites who have connected the Jetpack plugin to their WordPress.com account are advised to review, in the WordPress.com dashboard, the plugins deployed on their self-hosted websites.
If a suspicious plugin is found, the WordPress.com account password should be changed immediately and two-factor authentication enabled on the account.
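Because a backdoor plugin can hide itself from the site's own plugin list while still being active, one practical check is to compare what the admin screen shows against the raw `active_plugins` option stored in the wp_options table and against the directories that actually exist under wp-content/plugins. The following is an added example written for this article, not code from Wordfence or WordPress; the `active_plugins` value and the slug sets are constructed sample data, and the two hidden slugs are the plugin names reported above.

```python
import re

# Constructed sample of the wp_options `active_plugins` value. WordPress stores it
# as a PHP-serialized array of "slug/main-file.php" strings; lengths are byte counts.
SAMPLE_ACTIVE_PLUGINS = (
    b'a:3:{i:0;s:19:"jetpack/jetpack.php";'
    b'i:1;s:37:"pluginsamonsters/pluginsamonsters.php";'
    b'i:2;s:27:"wpsmilepack/wpsmilepack.php";}'
)


def parse_php_string_array(blob: bytes) -> list:
    """Parse a PHP-serialized array of strings (the shape of `active_plugins`)."""
    head = re.match(rb'a:(\d+):\{', blob)
    if not head:
        raise ValueError("not a serialized PHP array")
    count, pos, values = int(head.group(1)), head.end(), []
    for _ in range(count):
        entry = re.match(rb'i:\d+;s:(\d+):"', blob[pos:])
        if not entry:
            raise ValueError(f"unexpected token at offset {pos}")
        length = int(entry.group(1))
        start = pos + entry.end()
        value = blob[start:start + length]
        # The declared length must land exactly on the closing quote and semicolon.
        if blob[start + length:start + length + 2] != b'";':
            raise ValueError("string length does not match declared size")
        values.append(value.decode("utf-8"))
        pos = start + length + 2
    if blob[pos:pos + 1] != b'}':
        raise ValueError("unterminated array")
    return values


def audit_plugins(active_option: bytes, admin_visible: set, on_disk: set) -> dict:
    """Flag plugins the database or filesystem knows about but the admin UI does not.

    active_option: raw wp_options value; admin_visible: slugs listed on the
    Plugins screen; on_disk: directory names under wp-content/plugins.
    """
    active = {path.split("/")[0] for path in parse_php_string_array(active_option)}
    return {
        "active_but_hidden": sorted(active - admin_visible),
        "on_disk_but_hidden": sorted(on_disk - admin_visible),
    }


if __name__ == "__main__":
    # Constructed scenario: the admin screen lists only Jetpack.
    report = audit_plugins(SAMPLE_ACTIVE_PLUGINS, {"jetpack"},
                           {"jetpack", "pluginsamonsters", "wpsmilepack"})
    print(report)
```

Any slug that appears under `active_but_hidden` or `on_disk_but_hidden` deserves a manual look at its files, since a legitimately installed plugin has no reason to filter itself out of the Plugins screen.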
Wordfence notes that this is not the first time attackers have gone after self-hosted WordPress websites. In February this year, attackers used credential stuffing, trying leaked usernames and passwords to guess admin login credentials and break into self-hosted WordPress websites directly.
