On May 5, 2020, the WordPress security firm Wordfence reported a large-scale attack on 900,000 sites over the course of a week!
Globally, WordPress continues to be the most hacked platform on the planet (by far). Outdated plugins are the most common vector, so if you insist on maintaining a WordPress website, please make sure your plugins are kept current.
Many hackers target vulnerabilities that have just been patched, hoping to find vulnerable websites before administrators have been able to update them. Though not very sophisticated, this approach is nonetheless very effective.
More sophisticated hackers are exploiting zero-days -- a term used to describe vulnerabilities that are unknown to the plugin authors. In this case, the problem isn't what's known and simply not patched; it's that there are unknown vulnerabilities in widely distributed plugins.
So even with updated plugins, new vulnerabilities are being found and exploited regularly. Keeping plugins up to date gives, in our opinion, a false sense of security, since a zero-day isn't a known problem until after the damage has been done.
This latest large-scale hacking event exploited a cross-site scripting vulnerability that was unknown until it was exploited and subsequently found. Oops... too late.
WordPress having plugin security issues is not a new problem. It goes back years and continues to be pervasive in 2020. Just do a simple Google search for WordPress Hacked 2020 and if you're still on WP, prepare to rock back and forth wishing you hadn't clicked that link (you clicked it, didn't you - sorry...).
We maintain that if you really care about your website - its content, your visitors' security (because most hacks these days involve targeting your visitors), and ultimately, your brand reputation - you should consider moving to a more secure web platform. And consider doing it sooner rather than later. Now that so many people are working from home, Internet traffic is up, which means that this moment in time is a hacker's delight.
Looking for a quantum leap in speed, security, and ease of use? We're happy to demo our Web CMS platform and send you our security grades across comparable industry websites at no obligation. Migrations are quick, easy, and inexpensive.
Be well and be safe out there.
~ Your Friendly Animus Rex Team
Related Articles:
WordPress Hacked Again - 100,000+ Pages Defaced
Wordpress Continues to be the Most Hacked Website Platform on the Planet
External Links:
https://securityboulevard.com/2020/05/8-vulnerable-wordpress-plugins-attacked-recently/
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
https://www.techradar.com/news/thousands-of-wordpress-sites-hacked-in-scam-campaign