Wordfence reports that hackers are widely attempting to exploit a vulnerability that it reported over three months ago. According to The Register:
“Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks — the WordPress security shop claims it blocked an average of 443,868 attack attempts per day on its customers’ sites.”
The vulnerability is in the “Modern WPBakery Page Builder Addon”, which was formerly sold on the Envato marketplace. Its history is instructive. Someone made something and published it, then walked away. Some time later, a vulnerability was found. Then some time after that, Wordfence published an alert. There will never be a fix because the developer has abandoned the code. Hence there are all these zombie sites ripe for attack.
WordPress is the most over-criticized and under-criticized platform. Over-criticized because some people think that every WordPress installation can be trivially exploited, which isn’t true. Under-criticized because if you treat WP like a plugin smorgasbord, it’s easy to employ crappy third-party code that leaves you wide open. That’s what happened here.
The lesson is obvious: since you’re not going to do a line-by-line security analysis of your WP plugins, you should stick to plugins that are widely used. Of course, the more popular a plugin is, the more it is targeted, so maybe what you really need is a security plugin…sigh.