According to a statement by Defiant, the company behind the WordPress security product Wordfence, millions of WordPress sites have been hacked this week. The company said a vulnerability in a popular WordPress plugin triggered an internet-wide security issue.
Millions of WordPress sites are at risk of hacking
WordPress is under attack all the time, but the source of the recent wave is a plugin called File Manager, which is used on more than 700,000 sites. A zero-day vulnerability discovered by hackers allows malware to be installed on sites running older versions of the plugin. While it is not yet clear how the hackers discovered this vulnerability, experts rolled up their sleeves to identify the sites where the plugin was installed.
Speaking on the issue, Defiant’s Security Analyst Ram Gal said, “Attacks related to this vulnerability have increased considerably in recent days,” ZDNet reports. Gal also highlighted that the attacks started slowly and that the number of recorded attacks kept growing, with close to 1 million sites affected.
The developer of File Manager has tried to solve the problem with a patch it has made available since the day the team learned about the attacks. While some sites have installed this patch, others have not yet noticed the issue.
In addition, the 5.5 update released last month for WordPress includes a setting that automatically installs plugin and theme updates for site owners whenever a new update is released. The aim is for sites to be more secure against attacks while their installed add-ons are running.