Cybercriminals Hurl a Wave of Attacks at Vulnerable Wordpress Sites

WordPress is one of the most popular Content Management Systems (CMSes) in the world with over 50,000 plugins and themes allowing professionals and novices alike to create amazing websites with ease. But, with great popularity and freely available development options, WordPress is often a target of cybercriminals seeking ways to launch their malicious activities.

SEO Spamming remains a top objective

Hijacking WordPress for SEO spamming poses big trouble for branded websites.
  • In an incident discovered recently, a new cybercrime gang leveraged vulnerable WordPress sites to install scammy e-commerce stores with the purpose of lowering a site’s search engine ranking and reputation.
  • The attackers gained access to the site’s admin account through brute-force attacks, after which they overwrote the site’s main index file and appended malicious code.
  • Researchers also discovered that attackers are injecting malicious PHP files into the WordPress sites to ensure a steady flow of SEO spam links.

Vulnerable themes and plugins fuel more attacks

In addition to SEO spamming, WordPress plugins provide a convenient avenue to attack for cybercriminals.
  • On November 17, Wordfence researchers reported an ongoing large-scale attack that involved mass scanning of WordPress sites with Epsilon Framework themes vulnerable to Function Injection attacks.
  • Installed on over 150,000 sites, these vulnerable themes could lead to a full site takeover.
  • Moreover, during early November, instances of vulnerable WordPress plugins such as Ultimate Member and Welcart e-Commerce were found to be affected by severe vulnerabilities that could let attackers hijack sites.

WordPress is not alone in the mess

  • Not only WordPress, but other CMSes such as Drupal and Joomla are also equally lucrative targets for cyberattacks.
  • Lately, admins of sites running on Drupal were urged to plug a security hole that relied on the double extension" trick.
  • Drupal devs said that the vulnerability resided in the fact that the Drupal CMS does not sanitize "certain" file names, allowing some malicious files to slip through.

Key takeaways

It is no surprise that unpatched vulnerabilities in WordPress core software are fueling malicious ambitions of cyberattackers. Therefore, plugging the security issues at right time and following best cybersecurity practices is an answer to secure WordPress sites from cyberattacks.