WordPress is one of the largest website building platforms in existence. Unfortunately, with popularity comes great responsibility. While there are a number of firewalls and privacy settings designed to protect a website’s data, there is always a risk of attack. Learn the latest information regarding the attack on the WordPress plugin File Manager.
On September 1, 2020, Wordfence, a company providing WordPress security services, announced that a large number of sites had been attacked through the File Manager plugin. A patch was released immediately to combat any data loss or exploitation, but many websites still remain vulnerable. Get the most up-to-date facts by keeping these three things in mind.
1) Millions of Sites Were Affected
While initial reports estimated that nearly 700,000 sites had been probed, it’s now being reported that over 1 million sites are being affected. According to Wordfence, “Although Wordfence protects well over 3 million WordPress sites, this is still only a portion of the WordPress ecosystem. As such, the true scale of these attacks is larger than what we were able to record.”
2) Unauthenticated Users Gain Control
While many site security hacks affect a number of settings or cause data loss, this particular vulnerability can leave WordPress users without control of their files or website. Since File Manager is a plugin that helps users manage files on the backend of WordPress sites, the ramifications haven’t been completely understood yet. As of September 1, “This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site.”
3) A Security Patch Was Released
Fortunately, a security patch was released by the File Manager developer team on the same day that the attack was found. However, while some site owners have installed the patch, others are not aware of the problem. This delay can be the cause of future vulnerabilities and brute force attacks if not attended to immediately.
Pro Tip: Make sure your WordPress settings are configured to auto-update plugins and themes to guard against any future attacks.
It’s best for all WordPress users to take the following steps to protect against unwarranted attacks against their IP address.
- If you have the File Manager plugin installed, update it to version 6.9.
- If you’re not actively using the plugin to share files, uninstall it completely.
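To check the steps above across one or more installs, the following added example (not code from Wordfence or the plugin's developers) reads the plugin's header comment and reports whether the installed version is at least 6.9. The directory name `wp-file-manager` and the helper names are assumptions; the sample plugin tree is constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "6.9"            # patched release named in the steps above
PLUGIN_SLUG = "wp-file-manager"  # assumption: the plugin's directory name

def parse_version(text):
    """Turn '6.8' or '6.9.1' into a tuple of ints so versions compare in order."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def installed_version(plugin_dir):
    """Return the Version field from the plugin's header comment, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # header sits at the top of the file
        if re.search(r"^[ \t/*#@]*Plugin Name:", head, re.M | re.I):
            found = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.M | re.I)
            return found.group(1) if found else None
    return None

def audit(wp_root):
    """Classify one install: not-installed, unknown-version, needs-update or patched."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = installed_version(plugin_dir)
    if not version or not parse_version(version):
        return "unknown-version"
    return "patched" if parse_version(version) >= parse_version(FIXED_VERSION) else "needs-update"

def make_sample_site(root, version):
    """Build a constructed (not real) plugin tree under root for the demo."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Sample File Manager\n * Version: {version}\n */\n"
    (plugin_dir / "plugin-main.php").write_text(header)
    return root

if __name__ == "__main__":
    for sample in ("6.8", "6.9", "6.10"):
        with tempfile.TemporaryDirectory() as tmp:
            print(sample, "->", audit(make_sample_site(tmp, sample)))
```

Versions are compared as integer tuples rather than strings, so a release such as 6.10 is correctly treated as newer than 6.9.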
Monitor the Health of Your Website
If you currently own a site hosted on WordPress, it’s crucial that you have security features set up to ensure that hackers can’t gain access to your data. ITVibes is committed to protecting your online files and business information long term by constantly monitoring the health of your website.