WordPress sites are being targeted by a new Linux Trojan.
The Linux backdoor, according to the researchers who found it, may have been available for more than three years and targets more than 30 vulnerabilities in add-on apps.
The newly discovered Trojan infiltrates WordPress-based websites by exploiting about 30 vulnerabilities in WordPress plugins and themes. To carry out an attack, one of these vulnerabilities must be exploited.
Doctor Linux was found by web researchers who detected two copies of the virus. BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2 warn that websites with outdated or unverified versions of these WordPress tools installed are vulnerable to employing Java scripts to redirect users to malicious sites, and that these applications should be updated as soon as possible.
"Doctor Web's analysis of the identified Trojan application suggests that it may be malware that cybercriminals have been using for more than three years to carry out such attacks and exploit traffic reselling or arbitrage," the researchers wrote about the malware, which targets 32-bit Linux but can also run on 64-bit versions of the platform.
WP Live Chat Support Plugin, Yellow Pencil Visual Theme Customizer, Easysmtp, WP GDPR Compliance Plugin, Google Code Inserter, Blog Designer WordPress Plugin, and WP Live Chat are the plugins and themes abused by version 1 of the Trojan.
Other WordPress plugins used in version 2 include the Brizy WordPress Plugin, the FV Flowplayer video player, the Coming Soon WordPress site, the OpinionStage tool for creating polls, surveys, questionnaires, and quizzes, and the Social Metrics Tracker tool.
WordPress plugins and themes are commonly utilized by hackers to hijack websites; they may be used for everything from phishing to ad fraud and malware distribution. Vulnerabilities are rather prevalent.
In December, for example, an SSRF vulnerability in the Google Web Stories plugin was uncovered, allowing a cyber attacker to gather metadata from AWS-hosted WordPress sites and potentially connect to a cloud instance and execute instructions.
WordPress is vulnerable to seven different forms of assaults (and how to avoid them)
Read these techniques to secure your WordPress site from assaults.
WordPress is the world's most popular content management system, with over 50,000 plugins and themes that make it simple for pros and beginners alike to create amazing, professional-looking websites.
WordPress, however, is frequently targeted by hackers who exploit vulnerabilities and inflict harm owing to its great popularity, massive user base, and publicly available development choices.
Here are the seven most prevalent forms of assaults hitting WordPress sites today, as well as advice on how to defend your site:
1. Brute force assaults
The most prevalent sort of assault is a brute force attack, which targets one of your security's potentially weakest links: your password! Cybercriminals use brute force attacks to test several password combinations until they locate the correct password.
This is not an elegant approach, but it has shown to be quite successful with weak passwords and usernames like "123", "password", and "admin".
A simple attack, on the other hand, is simple to defend against. Keep an eye on the WordPress password strength indicator and experiment with the following options:
Passwords that are lengthy
Make use of a good mix of numeric and alphabetic characters.
Avoid using dictionary phrases or words that are relevant to your website or company.
Avoid using apparent pronouns like "Flat/Fl@t".
To improve security, use two-factor authentication.
If there are a large number of random login requests, it is most likely a brute force assault.
2. WordPress vulnerabilities are at the heart of the problem.
WordPress is an open source solution that helps your firm to cut expenses while still providing numerous options for creativity.
Because the source code is freely accessible, potential fraudsters can detect and exploit significant weaknesses.
Continuing to use current versions of WordPress with older versions of the WordPress PHP scripting language is one of the simplest ways to keep your WordPress site vulnerable to attack.
Fortunately, several developers are aware of these flaws and are working on solutions to safeguard your WordPress site.
If you want to defend your site against new and current dangers, make sure you have the most recent updates installed. Log in to your WordPress admin account and navigate to Control Panel >> Updates.
3. SQL Injection
One of the most popular WordPress attacks in which someone might inflict harm or obtain access to the WordPress administrator by modifying the MySQL database using malicious SQL queries or instructions.
A SQL injection attack can be launched against any section of a WordPress site that accepts user input, such as a contact form or search box.
Themes and plugins might be a vulnerable point for SQL injection attacks, so be sure that any product you install is from a reputable developer.
Because MySQL database software is prone to these sorts of assaults, it is critical to stay up to speed on software changes and to never grant access to MySQL data.
Changing the default name of your WordPress database is one of the easiest tactics you can do to defeat unsophisticated hackers. It will be far more difficult for fraudsters to identify the data in your database and maintain your site clean if you pick a more unique database name.
4. Plugin and theme vulnerabilities
Plugins and themes are excellent for adding capabilities to WordPress sites or creating a distinct look and feel. However, because they rely on developers to regularly address security gaps and vulnerabilities, plugins are a prominent target of attack against WordPress.
Because an old plugin might leave your site open to attack, here are some measures to help you defend it:
Plugins should always be updated through the WordPress dashboard.
WordPress plugins should be updated on a regular basis.
Always use the control panel to update your plugins.
To find any vulnerabilities with your current plugins, use the plugin security scanner, which can be located under Control Panel > Tools.
If a plugin has not been updated in more than six months, the developer may have abandoned it. These are the most vulnerable plugins and should be avoided.
5. Site-to-site scripting
Another prevalent sort of attack, known as an XSS attack.
An XSS attack is a malicious JavaScript code delivered by a cybercriminal by default with the intention of gathering information without the user's awareness or transferring the user to another website.
Phishing attempts, such as subscribing to a newsletter or posting on a forum, are the most typical XSS assaults.
The easiest method to avoid this attack is to ensure that all of your data is correctly validated across your WordPress site. Validation is a critical skill for achieving effective security, and it essentially involves ensuring that all of the data on your site is correct.
WordPress includes some wonderful data validation developer tools, but for those just starting started with scripting, there are various WordPress XSS plugins that safeguard against code injection. With security features that filter and mitigate vulnerabilities, several WordPress plugins can assist prevent XSS assaults.
6. DDoS assaults are common.
DDoS assaults are one of the most well publicized attacks today, wreaking havoc on hospitals, banks, and huge corporations such as Sony, Netflix, and Amazon throughout the world.
A DDoS (Distributed Denial of Service) attack happens when a web server is overwhelmed with requests and crashes.
DDoS assaults are well-planned and aim at both small and large websites.
Although DDoS assaults are frequently highly concealed and difficult to fight against, there are various methods available to help avoid and halt them. However, you may protect yourself from a successful attack in a variety of ways, for example.
You might try to deactivate the malicious API during the attack to limit the amount of requests.
Disabling third-party programs on your WordPress site may also be beneficial.
Use extensions that automatically ban IP addresses that engage in dubious behavior.
By creating a web application firewall, you may identify suspicious requests and prohibit them from accessing your site, so preventing an attack.
Console for Search Improvement
The WordPress Search Improvement Console plugin, for example, bans IP addresses that are looking for certain search queries that you set.
This is a useful initial line of protection against particular computer assaults.
7. Malware
Downloading malware onto a user's device is a typical target for cyber attackers, and WordPress is a prominent target owing to its popularity.
In order to exploit exposed vulnerabilities, cybercriminals frequently seek out WordPress sites with older versions. Another compelling incentive to upgrade.
Malware may be avoided by installing plugins that scan and identify malware on your website. Some powerful plugins may even eradicate malware while also locating the source of the vulnerability.
Last Thoughts
To safeguard your network and devices, constantly check for updates and install a VPN that uses the most recent DNS leak prevention techniques, SSL authentication, and encryption.
Install a WordPress backup plugin that performs frequent backups.
Finally, the CreativeMinds security plug-in bundle addresses all of your fundamental WordPress site security requirements. Test it out with a discount on premium security plug-ins.