
WordPress Vulnerabilities = WordPress Hacked

22/02/2022
Jose Fco. Llerena

Clients often come to Indianwebs with a hacked WordPress site, and this CMS is suffering more and more attacks.

The main reason why a website is hacked is the lack of website maintenance, but it is also true that hackers find vulnerabilities or security flaws in plugins and themes.

The importance of updating your WordPress plugins and themes

A vulnerability was recently found in UpdraftPlus, one of the most widely used plugins for making backup copies.

On the night of February 15, UpdraftPlus received a security notice from security analyst Marc-Alexandre Montpas of Automattic, who found a flaw in current versions of UpdraftPlus.


This flaw allowed any user logged into a WordPress installation running the current version of the plugin to download a backup of the entire website, including its database.

This means that your WordPress login password is left unprotected. Affected websites are therefore at risk of data loss or theft.

Although UpdraftPlus quickly fixed it with a new forced update and there is no public proof of concept for exploiting this flaw, it is very easy for a qualified technician to exploit.

This information was published about a day after the updated and secure versions of UpdraftPlus were available.

At least 1.7 million users received the update yesterday, out of the 3 million users who have this plugin.

At Indianwebs we care about the safety of our clients, and although we recommend making backups with plugins similar to this one, updating plugins and themes is also necessary.

If you use WordPress with the UpdraftPlus plugin, we strongly recommend that you confirm that the plugin has been automatically updated to version 1.22.4 or later in the free version, or 2.22.4 and higher in the premium version.
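One way to run the version check recommended above across several sites on a server, as an added example (not code from UpdraftPlus or from this article). It assumes the standard plugin path `wp-content/plugins/updraftplus/updraftplus.php` and that free builds are numbered 1.x and premium builds 2.x; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Fixed releases as given in the article, keyed by major version.
# Assumption: free builds are numbered 1.x and premium builds 2.x.
FIXED = {1: (1, 22, 4), 2: (2, 22, 4)}

# WordPress plugin header line, e.g. " * Version: 1.22.3"
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def plugin_version(php_source):
    """Return the header version as a tuple of ints, or None if absent."""
    m = HEADER_RE.search(php_source[:8192])  # WordPress reads only the first 8 KB
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version):
    """'patched', 'vulnerable' or 'unknown' for a parsed version tuple."""
    fixed = FIXED.get(version[0]) if version else None
    if fixed is None:
        return "unknown"  # no header, or a branch the article does not cover
    # Tuple comparison is numeric, so 1.22.10 > 1.22.4; comparing within the
    # branch stops a premium 2.16.x from passing a naive ">= 1.22.4" test.
    return "patched" if version >= fixed else "vulnerable"

def audit(root):
    """List (file, status) for every UpdraftPlus copy found below root."""
    pattern = "wp-content/plugins/updraftplus/updraftplus.php"
    return [(str(f), classify(plugin_version(f.read_text(errors="replace"))))
            for f in sorted(Path(root).rglob(pattern))]

if __name__ == "__main__":
    # Usage: python audit_updraftplus.py /var/www  (the path is an example)
    for path, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {path}")
```

Any site reported as `vulnerable` or `unknown` should be updated or inspected by hand.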

Other WordPress hacks

At the beginning of the year, an indirect attack was detected through GoDaddy that exposed 1.2 million accounts. All admin passwords for WordPress sites hosted on the platform, as well as passwords for sFTP, databases, and SSL private keys, were compromised.

But it is not the only attack this web hosting platform has suffered: in 2018 an error exposed data from its servers, and in 2020 an unknown user accessed more than 28,000 user accounts. GoDaddy has also been implicated in incidents in which hackers tricked “certain employees” into handing over ownership or control of the web domains of multiple cryptocurrency services.

Do you need to update your website?

Do you need any of our web design services? At IndianWebs we have extensive experience and a team of programmers and web designers in different specialties, and we are capable of offering a wide range of services in the creation of custom web pages. Whatever your project is, we will tackle it.