wordpress-plugin-attacks
May 13, 2020

Playbook for wordpress related attacks

By venkat

Summary

Due to its huge number of active installations, WordPress is a massive attack surface.

Technical Details

The following are cybersecurity considerations regarding wordpress attacks. Have a quick look at the recent ongoing attacks trends since early this year 2020 at [ZDNet]

  • Attacks are targeting administrative user account creation
  • Unauthenticated remote attackers can wipe the entire database of targeted websites to its default state, after which they will also be automatically logged in as an administrator, allowing them to take complete control over the sites.
  • Many hacks originate from compromised login credentials

Analysis

Use cases

  1. Vulnerability in a plugin[2]
  2. Unwanted subscriber registrations & exploitation.

Mitigations

  • Relevant Patch update –
    • Example – Administrators of WordPress sites could secure their installs by updating to Elementor Pro to version 2.9.4 and the Ultimate Addons for Elementor to version 1.24.2 or later.
  • Enable 2 step authentication for Administrator accounts[3]
  • WordPress Dashboard automatically notifies admins when a plugin needs to be updated, but you can also choose to have plugin updates automatically installed instead of waiting for manual action.

Latest attacks

References

References

https://www.zdnet.com/article/hackers-are-actively-exploiting-zero-days-in-several-wordpress-plugins/
https://wordpress.org/support/article/two-step-authentication/

Use cases
https://securityaffairs.co/wordpress/102899/hacking/elementor-pro-ultimate-addons-elementor-flaws.html
https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html

Revisions

March 13, 2020: Initial Version V0.1.0
May 20, 2020: V0.1.1 
May 30, 2020: V0.1.2
Next Version:  
https://stackoverflow.com/questions/61399888/how-do-i-stop-this-attack-on-my-wordpress-site