Nearly 1M WordPress Sites Under Attack Due to Vulnerable Plugins

900,000 WordPress websites have come under attack. The campaign's main goal is to manipulate the sites and redirect visitors to malvertising pages. Backdoors target administrative users. The Wordfence team reports on the attacks.

According to the research team, most of these attacks are likely the work of a single hacking group. The injected code, written in JavaScript, redirects visitors to a hacker-controlled page. It also uses the administrator's session to deliver a backdoor, which is implanted in the theme header of the installation.

How are the attacks against 1 million WordPress sites possible?

Similar infections are being carried out against WordPress sites. The attackers take advantage of unpatched plugins and extensions.

According to the Wordfence team, the hackers exploited these security flaws:

1. Vulnerable versions of the Easy2Map plugin. In August 2019 the WordPress team removed it from the WP repository. According to our information, this is one of the most targeted extensions.
2. An XSS vulnerability in Blog Designer, patched in 2019. More than 1,000 installations remain unpatched.
3. A vulnerability in the WP GDPR Compliance plugin, patched in 2018.
4. A vulnerability in Total Donations which would allow attackers to change the site's home URL. Envato Marketplace removed it in early 2019. We estimate that fewer than 1,000 total installations remain.

How to protect your WordPress site

The number of sites under attack reaches almost 1 million. It is possible that your installation is either compromised or at risk.

To improve your safety, make sure that all your plugins are updated. You should also delete any installed plugins that have been removed from the WordPress plugin repository. We recommend using a Web Application Firewall to protect against any unpatched vulnerabilities. HowToHosting.Guide is always monitoring hacking attacks, so keep an eye on our site.
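One way to apply the advice above is to audit the plugins directory for the four plugins named in this article. This is an added example, not code from Wordfence or from this site. It matches on the `Plugin Name:` header using the names as spelled in the article, which is an assumption about the real header text, and the sample directory names and versions are constructed.

```python
import re
import tempfile
from pathlib import Path

# Names as written in the article (assumed to match each "Plugin Name:" header).
# "remove": pulled from its distribution channel; "update": a patch was released.
FLAGGED = {
    "easy2map": "remove",
    "total donations": "remove",
    "blog designer": "update",
    "wp gdpr compliance": "update",
}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def read_header(php_file):
    """Return the 'plugin name' and 'version' header fields of a plugin file."""
    head = php_file.read_text(errors="replace")[:8192]  # WordPress reads only the first 8 KB
    # reversed() so the first occurrence of each field wins
    return {k.lower(): v.strip() for k, v in reversed(HEADER.findall(head))}

def audit_plugins(plugins_dir):
    """List (directory, name, version, action) for every flagged plugin found."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php_file)
        name = meta.get("plugin name", "")
        action = FLAGGED.get(name.lower())
        if action:
            findings.append((php_file.parent.name, name, meta.get("version", "unknown"), action))
    return findings

def demo():
    """Audit a constructed plugins directory (names and versions are made up)."""
    samples = {
        "easy2map": "<?php\n/*\nPlugin Name: Easy2Map\nVersion: 0.0.1\n*/",
        "blog-designer": "<?php\r\n/**\r\n * Plugin Name: Blog Designer\r\n * Version: 0.0.2\r\n */",
        "hello-sample": "<?php\n/*\nPlugin Name: Hello Sample\nVersion: 1.0\n*/",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for slug, body in samples.items():
            plugin_dir = Path(tmp, slug)
            plugin_dir.mkdir()
            (plugin_dir / f"{slug}.php").write_bytes(body.encode())
        return audit_plugins(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

On a real site, call `audit_plugins()` with the path to `wp-content/plugins` and compare each reported version with the vendor's current release before deciding whether an "update" entry is already patched.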


Researched and created by:
Krum Popov
Technically reviewed by:
Metodi Ivanov
