Wordfence reports that hackers are widely attempting to exploit a vulnerability that they reported over three months ago.  According to The Register:

Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks — the WordPress security shop claims it blocked an average of 443,868 attack attempts per day on its customers’ sites.

The vulnerability is around  “Modern WPBakery Page Builder Addon” which was formerly sold on the Envato marketplace.  Its history is instructive.  Someone made something and published it, then walked away.  Some time later, a vulnerability was found.  Then some time after that, Wordfence published an alert.  There will never be a fix because the developer has abandoned the code.  Hence there are all these zombie sites ripe for attack.

WordPress is the most over-criticized and under-criticized platform.  Over-criticized because some people think that every WordPress installation can be trivially exploited, which isn’t true.  Under-criticized because if you treat WP like a plugin smorgasbord, it’s easy to employ crappy third-party code that leaves you wide open.  That’s what happened here.

The lesson is obvious: since you’re not going to do a line-by-line security analysis of your WP plugins, you should stick to plugins which are widely-used.  Of course, the more popular a plugin is, the more it is targeted, so maybe what you really need is a security plugin…sigh.

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• FLASH SALE: Cheap cPanel Shared Hosting from eWallHost for $7.97/YEAR! - April 24, 2024
• Should You Change Your Windows RDP Port?Yes. - April 23, 2024
• DediRock: Not Just Dedicated Servers!They Have Cheap VPSes in Buffalo and Los Angeles, Too! - April 23, 2024