- Joined
- Sep 3, 2014
- Messages
- 6,244
- Likes
- 13,130
- Degree
- 9
Before I even start, let me drop some advice:
10+ Wordpress Plugins with Vulnerabilities Just Discovered
Here's the skinny. WordFence had found a hacker group that was doing this Malware Advertising campaign through specific plugins. Some people listened, some didn't, some didn't hear about it. That same group never stopped according to ZDNet, who says they're getting into your site through specific plugins and creating an admin account.
What Happens?
They use these plugins to plant some javascript or something to detect when you log into your own site, then they use your own administrative privileges to create a new admin account called wpservices with the email address
Which Plugins?
Word on the street is these are older problems that have already been fixed, so they're scanning sites to see who has these plugins and hasn't updated them. That's why it's important to update your plugins all the time, because as soon as a vulnerability is outted, the plugin developers fix them. Then it's a race between you and the hackers to see who gets to your site first.
- Don't use random plugins from random developers
- Stick to big ones like Yoast, AdvancedCustomFields, WP Super Cache, etc. Ones where livelihoods depend on them being correct, with long running histories and great reputations.
- Always log into your sites and update your plugins (and themes, this goes for those too).
- The less plugins, the safer you are.
- Always be taking rolling backups and keep like 4-5 of those so you can revert to one if needed.
10+ Wordpress Plugins with Vulnerabilities Just Discovered
Here's the skinny. WordFence had found a hacker group that was doing this Malware Advertising campaign through specific plugins. Some people listened, some didn't, some didn't hear about it. That same group never stopped according to ZDNet, who says they're getting into your site through specific plugins and creating an admin account.
What Happens?
They use these plugins to plant some javascript or something to detect when you log into your own site, then they use your own administrative privileges to create a new admin account called wpservices with the email address
wpservices@yandex.com
. Then they can do whatever the hell they want from inside the site's Wordpress dashboard.Which Plugins?
- Coming Soon Page & Maintenance Mode
- Yellow Pencil Visual CSS Style Editor
- Blog Designer
- Bold Page Builder
- Live Chat with Facebook Messenger
- Yuzo Related Posts
- WP Live Chat Support
- Form Lightbox
- Hybrid Composer
- All former NicDark plugins
Word on the street is these are older problems that have already been fixed, so they're scanning sites to see who has these plugins and hasn't updated them. That's why it's important to update your plugins all the time, because as soon as a vulnerability is outted, the plugin developers fix them. Then it's a race between you and the hackers to see who gets to your site first.