WordPress Plugin Attack: 3 Things to Know

WordPress is one of the largest website building platforms in existence. Unfortunately, with popularity comes great responsibility. While there are a number of firewalls and privacy settings designed to protect a website’s data, there is always a risk of attack. Learn the latest information regarding the attack on the WordPress plugin File Manager.


On September 1, 2020, Wordfence, a company providing WordPress security services, announced that a large number of sites had been attacked through the File Manager plugin. A patch was released immediately to combat any data loss or exploitation, but many websites still remain vulnerable. Get the most up-to-date facts by keeping these three things in mind.

1) Millions of Sites Were Affected

While initial reports estimated that nearly 700,000 sites had been probed, it’s now being reported that over 1 million sites are being affected. According to Wordfence, “Although Wordfence protects well over 3 million WordPress sites, this is still only a portion of the WordPress ecosystem. As such, the true scale of these attacks is larger than what we were able to record.” 

2) Unauthenticated Users Gain Control

While many site security hacks affect a number of settings or cause data loss, this particular vulnerability can leave WordPress users without control of their files or website. Since File Manager is a plugin that helps users manage files on the backend of WordPress sites, the ramifications haven’t been completely understood yet. As of September 1, “This vulnerability allowed unauthenticated users to execute commands and upload malicious files on a target site.”

3) A Security Patch Was Released

Fortunately, a security patch was released immediately by the File Manager developer team on the same day that the attack was found. However, while some site owners have installed the patch, others are not aware of the problem. This delay can be the cause of future vulnerabilities and brute force attacks if not attended to immediately.

Pro Tip: Make sure your WordPress settings are configured to auto-update plugins and themes to guard against any future attacks.

Security Recommendations

It’s best for all WordPress users to take the following steps to protect against unwarranted attacks against their IP address.

  • If you have the File Manager plugin installed, update it to version 6.9.
  • If you’re not actively using the plugin to share files, uninstall it completely.
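
To apply the first recommendation across many sites, the following added example (not code from Wordfence, the plugin, or this article) reads the standard WordPress plugin header in each plugin folder and flags any File Manager copy older than 6.9. Matching on a "Plugin Name" header that contains "File Manager" is an assumption, and so are the folder names in the constructed demo; a different plugin with a similar name needs manual review, since 6.9 applies only to the plugin named above.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 9)  # patched File Manager version named in the article
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_header(php_file):
    """Return (name, version) from a WordPress plugin header comment, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # header sits at the top of the file
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "")

def parse_version(text):
    """'6.10' -> (6, 10); a missing or unparsable version -> (0,), so it gets flagged."""
    return tuple(int(n) for n in re.findall(r"\d+", text)) or (0,)

def audit(plugins_dir, name_match="file manager"):
    """Return (folder, name, version, needs_update) for each plugin whose name matches."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        if header and name_match in header[0].lower():
            name, version = header
            findings.append((php.parent.name, name, version, parse_version(version) < FIXED))
    return findings

def demo():
    """Run the audit over a constructed plugins tree (folder names are made up)."""
    samples = {"fm-old": "6.8", "fm-patched": "6.9", "fm-newer": "6.10", "fm-noversion": None}
    with tempfile.TemporaryDirectory() as root:
        for folder, version in samples.items():
            lines = ["<?php", "/**", " * Plugin Name: File Manager"]
            if version:
                lines.append(f" * Version: {version}")
            lines += [" */", "echo 'Version: 1.0';"]  # not a header line, must be ignored
            plugin = Path(root, folder)
            plugin.mkdir()
            (plugin / "main.php").write_text("\n".join(lines))
        return audit(root)

if __name__ == "__main__":
    for folder, name, version, needs_update in demo():
        print(f"{folder}: {name} {version or '(no version)'} -> {'UPDATE' if needs_update else 'ok'}")
```

On a real server, call `audit()` with the path to the site's plugins directory; versions are compared numerically, so 6.10 is correctly treated as newer than 6.9.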

Monitor the Health of Your Website

If you currently own a site hosted on WordPress, it’s crucial that you have security features set up to ensure that hackers can’t gain access to your data. ITVibes is committed to protecting your online files and business information long term by constantly monitoring the health of your website.

Contact our team for more information regarding our website design and hosting services. 

Ashlee Vaughn

Ashlee Vaughn is a Web Content Writer at ITVibes, Inc. After receiving her B.A. in Humanities at Thomas Edison State University, she began sharpening her writing skills by completing a Certificate in Technical Writing. Ashlee’s interest in writing comes from her love for organization and it’s a part of everything she does. When she’s not dotting every i and crossing every t, you might find her playing with her new puppy or enjoying a local Houston event with her friends.