WordPress, the famous CMS, is not a safe platform for you right now. Hackers are on the verge of defacing every WordPress site.
WordPress was founded in 2003 by Matthew Charles Mullenweg and Mike Little as an open-source content management system (CMS). The platform soon gained popularity because it is free and easy to use. Today, tons of websites and blogs are built on this open-source CMS.
However, hackers seem unhappy. They have been targeting many blogs on WordPress. According to an estimate, more than 1.5 million blog pages have been defaced by these cruel thieves.
These hackers have found a loophole in WordPress and are now attacking sites rather than pages.
Sucuri Inc. found a severe bug that gives attackers the ability to attack WordPress pages at scale. This vulnerability lets a hacker access your blog and modify any post or page.
Attackers can go after your WordPress site if you're using plugins like Insert PHP and Exec-PHP. Both of these plugins have been downloaded by more than 100,000 users.
Sucuri recommends that if you have installed these plugins, you deactivate them and run your PHP code from within a plugin or theme, not directly from the post.
The Founder and CTO of Sucuri, Daniel B. Cid, wrote in his blog:
“It seems attackers are starting to think of ways to monetize this vulnerability. Defacements don’t offer economic returns, so that will likely die soon. What will remain are attempts to execute commands (RCE) as it gives the attackers full control of a site – and offers multiple ways to monetize – and SPAM SEO/affiliate link/ad injections. We are starting to see them being attempted on a few sites, and that will likely be the direction this vulnerability will be misused in the coming days, weeks and possibly months.”
Sucuri alerted WordPress to this threat on January 20. Within no time, WordPress took every measure to secure the premises threatened by unwanted guests.
On January 26, an update was pushed to those WordPress sites that had auto-update active. If yours does not, you must update to the latest version, WordPress 4.7.2, to avoid trouble.
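The two checks recommended above (the Insert PHP and Exec-PHP plugins, and a core older than 4.7.2) can be run against a site's files with the following added example, which is not code from Sucuri or WordPress. The plugin directory names `insert-php` and `exec-php` and the `$wp_version` line in `wp-includes/version.php` are assumptions about a standard install, and the sample site tree is constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

FIXED_VERSION = (4, 7, 2)                   # release the article says to update to
RISKY_PLUGINS = ("insert-php", "exec-php")  # assumed directory slugs for Insert PHP / Exec-PHP


def parse_version(text):
    """Extract $wp_version from the contents of wp-includes/version.php."""
    m = re.search(r"\$wp_version\s*=\s*['\"](\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "4.7" to (4, 7, 0)


def audit(root):
    """Return a list of findings for the WordPress tree at root."""
    root = Path(root)
    findings = []
    version_file = root / "wp-includes" / "version.php"
    version = parse_version(version_file.read_text(errors="replace")) if version_file.is_file() else None
    if version is None:
        findings.append("core version unknown: wp-includes/version.php missing or unreadable")
    elif version < FIXED_VERSION:
        findings.append("core %s is older than 4.7.2: update" % ".".join(map(str, version)))
    for slug in RISKY_PLUGINS:
        # Only presence on disk is checked; activation state is stored in the database.
        if (root / "wp-content" / "plugins" / slug).is_dir():
            findings.append("plugin '%s' is installed: deactivate it" % slug)
    return findings


def build_sample_site(base, version, plugins):
    """Constructed sample tree, for demonstration only."""
    site = Path(base)
    (site / "wp-includes").mkdir(parents=True)
    (site / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '%s';\n" % version)
    for slug in plugins:
        (site / "wp-content" / "plugins" / slug).mkdir(parents=True)
    return site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample_site(tmp, "4.7.1", ["exec-php"])
        print("\n".join(audit(target)) or "no findings")
```

Pass the path of a WordPress install as the first argument to audit it; with no argument the script audits the constructed sample.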