Wordfence reports that hackers are widely attempting to exploit a vulnerability that they reported over three months ago.  According to The Register:

Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks — the WordPress security shop claims it blocked an average of 443,868 attack attempts per day on its customers’ sites.

The vulnerability is around  “Modern WPBakery Page Builder Addon” which was formerly sold on the Envato marketplace.  Its history is instructive.  Someone made something and published it, then walked away.  Some time later, a vulnerability was found.  Then some time after that, Wordfence published an alert.  There will never be a fix because the developer has abandoned the code.  Hence there are all these zombie sites ripe for attack.

WordPress is the most over-criticized and under-criticized platform.  Over-criticized because some people think that every WordPress installation can be trivially exploited, which isn’t true.  Under-criticized because if you treat WP like a plugin smorgasbord, it’s easy to employ crappy third-party code that leaves you wide open.  That’s what happened here.

The lesson is obvious: since you’re not going to do a line-by-line security analysis of your WP plugins, you should stick to plugins which are widely-used.  Of course, the more popular a plugin is, the more it is targeted, so maybe what you really need is a security plugin…sigh.

raindog308

Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.

As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.

Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.

His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.

You can find him daily in the forums at LowEndTalk under the handle @raindog308.