Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Imunify360 team decided to work on some security shortages and eliminate them. It was a supported practice for web hosting clients, to manage their own security settings such as Proactive Defense.

Today websites are essential for business and operations. To make web design more efficient with added website functionality, web designers use various Plugins. Plugins are the building blocks of a website - they are the little programs that perform a definitive task - based on the needs and personalized requirements of the website owner. It is a lot like providing additional add-ons to the website. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

As of writing this article, there are more than 52,000 plugins on the market. There are free to use and commercial plugins available from third-party companies and developers. There are also Nulled Plugins which are pirated copies of legitimate versions of different premium plugins, nulled plugins act as a backdoor for many harmful activities. In this article, Krithika Rajendran, malware analyst at Imunify Security will go over the behavior of wp-sleeps and will tell more how to keep your servers protected.

March monthly digest gives an overview of version and package updates and the latest security vulnerabilities detected by the Imunify Security team. Read the posts below to learn all and beyond brute force attacks and how Imunify360 could mitigate them.

Brute-force attacks are the most widely used cyber-attacks in the cyber-sphere. And dependent on the target, the protection method is unique to the attack. There are two main types of brute-force attacks:

• Service level brute-force, targeting ssh, ftp, smtp services and others.
• Web application level brute-force, e.g. attacks against WordPress, Magento, and similar CMSes and web-scripts.

In February 2021, Imunify introduced a new version of Imunify360, version 5.5. Keep on reading to learn more about new releases and packages updates. Also, we recommend checking our new articles covering website and server security.

For website owners unfamiliar with common malware, having malware on your site that doesn’t  cause any obvious issues is seemingly harmless to the site owner. How bad can malware be if it just injects links? If site owners do not understand the repercussions of malware, then they will not take it seriously. It often means that these site owners don’t have the necessary monitoring and malware protection in place to defend sites. For shared hosting providers, this issue can have severe consequences and long-term effects on the server’s reputation and potential profitability. Additionally, read our website hosting security article and learn how to keep your website secure in 2021.

In 2020, approximately one million websites hosted on WordPress were actively targeted by cyber-criminals. Large-scale campaigns are common and your server could easily be compromised without you noticing it. Even when malware is silent and undetectable, it can cause long-term side effects that damage your business reputation, customer retention, revenue, and lead generation from search engines. It’s imperative to business continuity that you detect attacks, mitigate ongoing attacks, and remediate them quickly after they are found.

What if we told you that ~15% of infection sources are database infections? If you have ever tried to clean up malicious injections (usually, thousands of them) from the database table, you know how much time and pain it would take. There's a lack of professional solutions to detect and clean up malware in the database automatically. We want to save your time and provide you with another top-notch solution to detect threats in the databases (in addition to our trailblazing Imunify file scanner). We call the solution “Malware Database Scanner” (MDS).

Despite the fact that the festive season already starts in December, this month was busy for the Imunify Security team. Keep on reading to find out more about the latest package updates and some tips on how to stay secure. Stay safe and hopefully 2021 will bring you a lot of joy and pleasant moments!

 

A hacker might not cause any noticeable damage when infiltrating your web server. You may not notice any change in performance or any loss of data.