Millions of WordPress sites hacked due to a zero-day vulnerability


Millions of WordPress files have been attacked as hackers targeted a zero-day vulnerability in the WordPress File Manager plugin, which is installed on over 700,000 WordPress websites.

It is estimated that 37.4% or 261,800 websites are still running vulnerable versions of the plugin.

Attacks against this unguarded plugin rose dramatically over the last few days. The Wordfence web firewall recorded attacks against over a million sites on September 4 alone. In total, the firm has blocked attacks against 1.7 million sites since September 1.

“The true scale of these attacks is larger than what we were able to record,” Ram Gall, Threat Analyst at Defiant, the company behind the Wordfence web firewall, said in a statement.

Wordfence protects over three million WordPress sites, all of which are being probed and attacked, he added.

After learning about the issue, the developer team released a patch for the zero-day vulnerability. Users who find that their site’s functionality requires consistent usage of the File Manager plugin must update it to version 6.9, which patches the vulnerability.

The security company has also advised users to uninstall the plugin completely if they are not actively using it.

“As a general rule, we recommend that you always have your firewall optimized. When zero day vulnerabilities like this are attacked, having an optimized firewall gives you a much better chance of preventing successful exploitation,” Gall said.
