Playbook for WordPress-related attacks
Due to its huge number of active installations, WordPress is a massive attack surface.
The following are cybersecurity considerations regarding WordPress attacks. For the recent and ongoing attack trends since early 2020, have a quick look at [ZDNet].
- Attacks are targeting administrative user account creation
- Unauthenticated remote attackers can wipe the entire database of targeted websites to its default state, after which they will also be automatically logged in as an administrator, allowing them to take complete control over the sites.
- Many hacks originate from compromised login credentials
- Vulnerabilities in plugins
- Unwanted subscriber registrations and their subsequent exploitation.
- Apply the relevant patch updates.
- Example – Administrators of WordPress sites could secure their installs by updating Elementor Pro to version 2.9.4 and Ultimate Addons for Elementor to version 1.24.2 or later.
- Enable two-step authentication for administrator accounts.
- The WordPress dashboard automatically notifies administrators when a plugin needs updating, but you can also have plugin updates installed automatically instead of waiting for manual action.
- May 28, 2020 – PageLayer is a WordPress plugin with over 200,000 active installations.
- Update to version 1.1.2 as described at https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/
- May 14, 2020 – A critical flaw in the WP Product Review Lite plugin could be exploited to take control of vulnerable WordPress websites. The issue has been fixed in WP Product Review Lite version 3.7.6, which was released on May 14. Users are urged to upgrade as soon as possible. The plugin is installed on at least 40,000 WordPress sites.
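Several of the mitigations above (automatic plugin updates, closing open registration, and watching for administrator account creation and credential attacks) can be enforced from one must-use plugin that loads on every request. The following is an added example written for this playbook, not code from WordPress, Wordfence or any plugin named above. It assumes WordPress 5.x on PHP 5.6 or later and is saved as a file under wp-content/mu-plugins/. The hook and filter names are WordPress's own; the function names prefixed `hardening_` are chosen here. Two-step authentication is not covered, since it needs a dedicated plugin.

```php
<?php
/**
 * Plugin Name: Hardening hooks (added example for the playbook)
 * Description: Forces plugin/theme/core auto-updates, closes open registration,
 *              alerts on administrator role assignment and logs failed logins.
 */

// Never execute outside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// 1. Install plugin and theme updates automatically instead of waiting for
//    manual action in the dashboard.
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
// Let core apply both minor and major updates on its own.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_true' );

// 2. Close open registration regardless of the saved option, so unwanted
//    subscriber accounts cannot be created through wp-login.php?action=register.
add_filter( 'pre_option_users_can_register', '__return_zero' );

/**
 * 3. Alert whenever an account is created with, or promoted to, the
 *    administrator role. WP_User::set_role() fires 'set_user_role' for both
 *    new users (via wp_insert_user) and role changes on existing users.
 */
function hardening_alert_admin_role( $user_id, $role, $old_roles ) {
    if ( 'administrator' !== $role ) {
        return;
    }
    $user    = get_userdata( $user_id );
    $login   = $user ? $user->user_login : 'unknown';
    $source  = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'cli';
    $message = sprintf(
        "User #%d (%s) was given the administrator role on %s from %s at %s.\nPrevious roles: %s",
        $user_id,
        $login,
        home_url(),
        $source,
        gmdate( 'c' ),
        $old_roles ? implode( ', ', (array) $old_roles ) : 'none'
    );
    // Write to the PHP error log (picked up by log shipping) and mail the site admin.
    error_log( '[wp-hardening] ' . str_replace( "\n", ' ', $message ) );
    wp_mail( get_option( 'admin_email' ), 'New administrator on ' . home_url(), $message );
}
add_action( 'set_user_role', 'hardening_alert_admin_role', 10, 3 );

/**
 * 4. Record failed logins with the source address so a SIEM or fail2ban rule
 *    can detect credential stuffing against wp-login.php.
 */
function hardening_log_failed_login( $username ) {
    $source = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'cli';
    error_log( sprintf(
        '[wp-hardening] failed login for "%s" from %s',
        sanitize_user( $username, true ),
        $source
    ) );
}
add_action( 'wp_login_failed', 'hardening_log_failed_login' );
```

Because the file sits in mu-plugins it cannot be deactivated from the dashboard, which is the point: an attacker who reaches the admin panel with stolen credentials cannot simply switch the alerting off. The `pre_option_users_can_register` filter wins over whatever the database says, so re-enabling registration requires access to the server file system rather than to the WordPress settings page.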
- March 13, 2020: Initial version V0.1.0
- May 20, 2020: V0.1.1
- May 30, 2020: V0.1.2
- Next version: https://stackoverflow.com/questions/61399888/how-do-i-stop-this-attack-on-my-wordpress-site