The WordPress content management system or (CMS) is one of the most popular web applications on the market. It’s estimated that WordPress powers almost 40% of the internet, up from 30% just a few years ago. The foundation for the content management system’s success is its convenience, simple installation, and vast theme and plugin community. WordPress can be used by someone who has very little knowledge of the ways a web application functions, but it comes at the expense of security. The article covers the following topics:
As part of Imunify360’s proactive malware research activities, we recently identified that a plugin named Adicionar Banco Inter ao WooCommerce from WordPress repository, which can be used to identify malware in web servers, indeed had active malware inside one of the plugin’s source files.
Today websites are essential for business and operations. To make web design more efficient with added website functionality, web designers use various Plugins. Plugins are the building blocks of a website - they are the little programs that perform a definitive task - based on the needs and personalized requirements of the website owner. It is a lot like providing additional add-ons to the website. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.
As of writing this article, there are more than 52,000 plugins on the market. There are free to use and commercial plugins available from third-party companies and developers. There are also Nulled Plugins which are pirated copies of legitimate versions of different premium plugins, nulled plugins act as a backdoor for many harmful activities. In this article, Krithika Rajendran, malware analyst at Imunify Security will go over the behavior of wp-sleeps and will tell more how to keep your servers protected.
The high severity vulnerability in Post Grid WordPress plugin that appeared in public resources is suspected to be the cause of attackers’ interest to exploit the affected systems.
The discovered vulnerability allows an attacker to forge the template with further inclusion of its code to the application's backend with the ability to perform malicious actions involving privileged users. This could end up with a stolen administrator session or malware injection.
On Wednesday, 2 September, the Imunify360 Web Protection Team detected a significant rise in blocked malware that day. Most of the malware was located in the /wp-file-manager/lib/files/ directory path.
When we investigated, we determined that there was a critical vulnerability in the File Manager plugin for WordPress, and that this vulnerability affected a variety of applications.
As part of Imunify360’s proactive malware research activities, we recently identified that a plugin named Malicious Checker from WordPress repository, which can be used to identify malware in web servers, indeed had active malware inside one of the plugin’s source files. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.
Brute force attacks are the most commonly spread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.
Our monitoring system detected a significant spike in the triggering of WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million
The Imunify security team recently detected a vulnerable plugin in the WordPress plugin directory. It’s called PressForward, and it’s used to manage editorial workflow. This free plugin included an iframe that could be used to send visitors to a malicious web page.
The Imunify team identified the vulnerability in this plugin on the first of July, 2020. At the time it was discovered, the plugin was installed on 800+ websites, where it could be used to send visitors to phishing sites and conduct black SEO campaigns. The plugin’s change log indicates that it has been there for almost a year:
bbPress, a popular WordPress plugin, was recently found to contain a serious vulnerability.
How should bbPress users address it? The best way is to update the plugin and install the latest version. But if they can’t or don’t do this, Imunify has them covered. Read below to find out how. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.
At 11am EST on Friday 29 May, we’ll be conducting a live webinar on the new features and updates of Imunify360. Sign up and join the conversation on what’s new with our automated server protection suite.
The webinar recording is now available. You could watch it here.