How serious are the WordPress Malware Attacks?
According to the WordCamp site, there are currently over 75 million sites that use WordPress. No one has an exact count of attacks, but the WordFence plugin has been downloaded over 180 million times and protects 4 million WordPress websites, and from that user base WordFence reports 2,800 malicious login attempts per second against its customers.
“2,800 malicious login attempts per second against WordFence customers” – WordFence
The WordFence figure covers only a small portion of the WordPress community. If malicious login attempts were spread evenly across the platform, 2,800 per second against 4 million protected sites would scale to over 50,000 per second across 75 million sites. An even spread is unlikely, though. Hackers are smart people, and they have surely worked out that a WordPress site with no security provisions in place is easier to get into than one that has them, so I would expect attacks on unprotected sites to be more prevalent than on protected ones. Bear in mind too that WordFence can only count what it sees and blocks, so no single vendor's number is the whole picture.
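One concrete response to that volume of login attempts is to throttle failed logins at the application layer. The must-use plugin below is an added example written for this article, not code from WordPress or WordFence; the five-failures-per-15-minutes threshold, the `example_lt_` prefix and the file name are assumptions. It also disables XML-RPC, a second login channel the article does not mention but that the same brute-force traffic routinely targets.

```php
<?php
/**
 * Plugin Name: Login attempt throttle (added example)
 * Description: Counts failed wp-login.php attempts per client IP and refuses
 *              authentication from that IP once a threshold is reached.
 *
 * Drop into wp-content/mu-plugins/login-throttle.php (assumed file name).
 * The threshold, window and example_lt_ prefix are assumptions for this
 * illustration, not WordPress or WordFence defaults.
 */

define('EXAMPLE_LT_MAX_FAILURES', 5);                  // failures allowed per window
define('EXAMPLE_LT_WINDOW', 15 * MINUTE_IN_SECONDS);  // counting / lockout window

// Assumption: no reverse proxy in front of PHP, so REMOTE_ADDR is the real
// client. Behind a proxy, take the address from a header you trust; never
// read X-Forwarded-For blindly, because the attacker sets it.
function example_lt_client_ip(): string {
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

function example_lt_key(string $ip): string {
    return 'example_lt_' . md5($ip);
}

// Count each failure. Transients expire on their own, so no cleanup cron is
// needed. Blocked attempts also fire this hook, which extends the lockout
// for an IP that keeps hammering.
add_action('wp_login_failed', function ($username) {
    $ip    = example_lt_client_ip();
    $key   = example_lt_key($ip);
    $count = (int) get_transient($key) + 1;
    set_transient($key, $count, EXAMPLE_LT_WINDOW);
    error_log(sprintf('wp-login failure #%d for "%s" from %s', $count, $username, $ip));
});

// Priority 30 runs after wp_authenticate_username_password (priority 20), so
// a locked-out IP gets an error even on the attempt that guesses correctly.
add_filter('authenticate', function ($user, $username, $password) {
    $count = (int) get_transient(example_lt_key(example_lt_client_ip()));
    if ($count >= EXAMPLE_LT_MAX_FAILURES) {
        return new WP_Error(
            'example_lt_locked',
            __('Too many failed login attempts from your address. Try again later.')
        );
    }
    return $user;
}, 30, 3);

// XML-RPC also accepts credentials, and system.multicall lets one request
// carry hundreds of guesses. Disable it unless something you rely on needs it.
add_filter('xmlrpc_enabled', '__return_false');
```

Per-IP counting is a floor, not a ceiling: a botnet spreading 2,800 attempts per second across thousands of addresses stays under any per-IP threshold, which is why a plugin such as WordFence also tracks usernames and known-bad addresses. Treat this as the minimum you can do in a few lines, and watch the error log it writes to see what your own site is receiving.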
2021 WordPress Plugin Attacks
Ninja Forms – Four more critical security vulnerabilities were disclosed in January 2021, following the June 2020 vulnerabilities.
Bug 1: Authenticated Email Hijacking Account Takeover.
An attacker with subscriber-level access (the lowest role available to WordPress users, and one that many WordPress sites let anyone register for) could hijack email and take over accounts. If your site does not need visitors to register, turn off subscriber-level registration (Settings > General, uncheck "Anyone can register").
Bug 2: Authenticated OAuth Connection Key Disclosure.
Low-level users (subscribers) were able to trigger a connection and retrieve the client_id of established OAuth connections.
Bug 3: Cross-Site Request Forgery to OAuth Service Disconnection.
Attackers could disconnect OAuth connections by getting a logged-in user to submit a forged request.
Bug 4: Administrator Open Redirect.
An attacker could redirect an administrator to a malicious site that could infect the admin's computer with malware.
- 📰ninjaforms (1+ million installations)
123ContactForms – Sucuri first reported the problem with 123ContactForms, stating that attackers were able to use the vulnerability to create their own posts and add malicious files to the website.
- 📰123contactform (3K installations)
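The advice under Bug 1 above, to turn off subscriber registration, is more durable when enforced from code rather than a checkbox someone can tick again later. The must-use plugin below is an added example for this article, not code from WordPress or the Ninja Forms project; the file name and the `example_list_subscribers` helper are assumptions. On a multisite network registration is governed by the network-level `registration` setting instead, which this does not touch.

```php
<?php
/**
 * Plugin Name: Close open registration (added example)
 * Description: Forces "Anyone can register" off and pins the default role to
 *              subscriber, so nobody can self-provision the subscriber-level
 *              account that authenticated plugin vulnerabilities require.
 *
 * Drop into wp-content/mu-plugins/close-registration.php (assumed file name).
 */

// pre_option_* runs before the option is read from the database; returning
// anything other than false short-circuits get_option(). The setting is not
// just changed here, it cannot be re-enabled from Settings > General or by
// another plugin calling update_option().
add_filter('pre_option_users_can_register', '__return_zero');

// If registration is ever re-opened by other means, new accounts still start
// at the lowest role rather than whatever a misconfiguration chose.
add_filter('pre_option_default_role', function () {
    return 'subscriber';
});

// Belt and braces: refuse the registration form itself. wp-login.php fires
// login_form_register before it handles action=register.
add_action('login_form_register', function () {
    wp_die(
        __('User registration is disabled on this site.'),
        '',
        ['response' => 403]
    );
});

// Review helper: list existing subscriber accounts so you can check for ones
// you did not create while registration was open. Call from a cron job or
// `wp eval 'print_r(example_list_subscribers());'`.
function example_list_subscribers(): array {
    $users = get_users([
        'role'   => 'subscriber',
        'fields' => ['user_login', 'user_email', 'user_registered'],
    ]);
    return array_map(static fn($u) => (array) $u, $users);
}
```

Closing registration removes the attacker's cheapest route to the subscriber role, but it does not help if subscriber accounts already exist, which is what the review helper is for. Sites that genuinely need self-registration should instead keep plugins patched promptly and restrict what subscribers can reach, since every "authenticated" bug in the list above starts from that role.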
2020 WordPress Plugin Attacks
- 📰Easy WP SMTP (500,000+ sites).
Loginizer Plugin – WordPress developers categorized the security issue affecting the plugin as one of the worst, and WordPress.org pushed a forced automatic update to every site with the plugin installed, including sites where it was deactivated. For many site owners that forced update was the first indication that WordPress can update everyone's plugins automatically, even when they are not active.
- 📰Loginizer Plugin (million+ users).
NextGEN Gallery – Over 530,000 sites still exposed to attack. Yes, NextGEN Gallery was hit again, this time with remote code execution vulnerabilities that could be used to take over the WordPress site. The NextGEN Gallery developers acted quickly to release a patch, but a few days after the release only a small portion of NextGEN Gallery installs had updated to the safe version of the plugin, leaving more than 530,000 sites potentially exposed to takeover attacks.
In 2017, NextGEN Gallery was hit by a SQL injection that allowed an unauthenticated user access to the website database, including sensitive user information.
Here are articles to learn more about the NextGen Plugin hack.
Ninja Forms – The Threat Intelligence team reported a cross-site scripting (XSS) vulnerability in Ninja Forms. The vulnerability allowed an attacker to replace contact forms with a malicious form.
- 📰ninjaforms (1+ million installations)
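The forced Loginizer update and the NextGEN Gallery update lag above point at the same control: the `auto_update_plugin` filter, which WordPress core evaluates for every installed plugin, active or not, before the background updater touches it, plus the update data core already holds. The must-use plugin below is an added example for this article, not code from WordPress.org, Loginizer or NextGEN Gallery; the `EXAMPLE_HOLD_BACK` list, the `example_plugins_behind` name and the file name are assumptions.

```php
<?php
/**
 * Plugin Name: Plugin update policy (added example)
 * Description: Opts every installed plugin, active or inactive, into the
 *              background updater, and reports plugins still running an old
 *              version so the NextGEN-style lag is visible to administrators.
 *
 * Drop into wp-content/mu-plugins/plugin-update-policy.php (assumed file name).
 */

// The background updater asks this filter for each plugin it knows an update
// for, deactivated ones included. Returning true opts them all in.
add_filter('auto_update_plugin', '__return_true');

// Assumption: a short list of plugins you insist on testing by hand first.
// $item->slug is the plugin directory name when WordPress.org knows it.
// Caveat: returning false here also blocks a forced security update from
// WordPress.org for that plugin, so keep this list short and deliberate.
define('EXAMPLE_HOLD_BACK', ['woocommerce']);

add_filter('auto_update_plugin', function ($update, $item) {
    if (isset($item->slug) && in_array($item->slug, EXAMPLE_HOLD_BACK, true)) {
        return false;
    }
    return $update;
}, 20, 2);

// Plugins whose installed version lags the version WordPress.org offers.
// Usable from a cron callback, `wp eval`, or the admin notice below.
function example_plugins_behind(): array {
    if (! function_exists('get_plugins')) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    if (! function_exists('get_plugin_updates')) {
        require_once ABSPATH . 'wp-admin/includes/update.php';
    }
    $behind = [];
    foreach (get_plugin_updates() as $file => $plugin) {
        $behind[$file] = [
            'name'      => $plugin->Name,
            'installed' => $plugin->Version,
            'available' => $plugin->update->new_version,
            'active'    => is_plugin_active($file),
        ];
    }
    return $behind;
}

// Put the lag in front of anyone who can fix it, on every dashboard load.
add_action('admin_notices', function () {
    if (! current_user_can('update_plugins')) {
        return;
    }
    foreach (example_plugins_behind() as $p) {
        printf(
            '<div class="notice notice-warning"><p>%s: %s installed, %s available%s</p></div>',
            esc_html($p['name']),
            esc_html($p['installed']),
            esc_html($p['available']),
            $p['active'] ? '' : ' (inactive)'
        );
    }
});
```

From the command line the same lag check is `wp plugin list --update=available`, and `wp plugin update --all` closes it immediately. Inactive plugins are listed on purpose: as the Loginizer episode showed, WordPress treats an installed-but-deactivated plugin as something worth patching, and so should you.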
Would you like to learn more about WordPress hacks and the impact of using WordPress plugins? Read my blog – The Impact of Using WordPress Plugins.
Article Updates
2/18/21 – Added second NextGEN Gallery WordPress plugin article link.
2/25/21 – Added second Ninja Forms WordPress plugin hack.