Recent Hack Attacks On WordPress Sites Through Vulnerable Plugins

Since July, hacker groups have abused more than ten vulnerable WordPress plugins. By creating fake admin accounts, the hackers gain unauthorised access and can backdoor the sites.

The last two months have seen a rise in the number of hack attacks on WordPress sites, and the abuse of vulnerable plugins has affected the WordPress ecosystem. Attackers exploited the plugins to inject malicious code into the victim's site. This code is activated when a visitor enters the hacked site. It displays popup ads, and clicking on them redirects visitors to malicious destinations, including scams and illegitimate sites for pharmaceuticals and pornography.

Hackers Can Now Fake Admin Accounts

Three weeks ago, ZDNet reported that the hacker group had changed its tactics. A modification to the malicious code planted on the victim's site enabled the hackers to do more than just insert pop-ups and redirects.


The malicious code tracked the login activity of the site owner. Once a login was detected, the code used the admin's privileges to create a new admin account named wpservices with the email address [email protected]. By doing so, the hackers disguised their intention behind this account from the site's owner. The hackers could then exploit sites not only for monetary profit, but also for any other activity they wished to carry out with the site.
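One way to check a site for the rogue administrator described above, as an added example that is not part of the original article: the script audits the CSV that WP-CLI prints for `wp user list --role=administrator`. The sample rows, the approved-administrator list, the dates, and the placeholder email address are constructed; only the account name wpservices comes from the article.

```python
import csv
import io
from datetime import datetime, timedelta

# Account name reported in the article; everything else here is constructed.
ROGUE_LOGINS = {"wpservices"}

def audit_admins(csv_text, approved_logins, now, recent_days=60):
    """Return [(login, [reasons])] for administrator rows that need review."""
    approved = {name.lower() for name in approved_logins}
    cutoff = now - timedelta(days=recent_days)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip().lower()
        reasons = []
        if login in ROGUE_LOGINS:
            reasons.append("matches reported rogue account name")
        if login not in approved:
            reasons.append("not on approved administrator list")
        try:
            registered = datetime.strptime(
                row["user_registered"].strip(), "%Y-%m-%d %H:%M:%S")
            if registered >= cutoff:
                reasons.append(f"registered within the last {recent_days} days")
        except ValueError:
            # e.g. the zero date 0000-00-00 00:00:00, which cannot be parsed
            reasons.append("unparseable registration date")
        if reasons:
            findings.append((login, reasons))
    return findings

# Constructed sample of the CSV produced by:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2017-03-02 09:15:00
4,support_tmp,support@example.com,2018-11-11 10:00:00
9,wpservices,placeholder@example.invalid,2019-08-28 03:41:17
"""

if __name__ == "__main__":
    # The approved set and the audit date are assumptions for this sample.
    for login, reasons in audit_admins(SAMPLE_CSV, {"siteowner"},
                                       datetime(2019, 9, 5)):
        print(f"{login}: " + "; ".join(reasons))
```

An administrator that is flagged only as missing from the approved list may be legitimate but forgotten; confirm each finding with the site owner before deleting the account.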

List of Vulnerable WordPress Plugins 


According to Mikey Veenstra, the vulnerabilities being exploited in these plugins are older ones.

Ways to Prevent Hack Attacks


1. Update Your Plugin Version

To prevent the hack attacks in question, site owners are advised to keep their plugins updated, because older plugin versions are more likely to contain security vulnerabilities. As always, updating plugins is a superb defense against hack attacks like these. Chances are high that your site's ranking will be affected if your WordPress site is hacked. To regain your ranking, consult our SEO expert today.

2. Clean Infected Site

WordPress site owners are also urged to clean their infected sites. Done correctly, cleaning makes it possible to detect the backdoors the hackers might have left behind. Yet this can be quite tricky and challenging. Site owners need to scan their websites with WordPress security plugins. For non-technical users, getting professional help is therefore crucial for the best possible result.

If you suspect your site has experienced these hack attacks, iMarketing is here to help. Ring us up to learn more.
