Mind Your Blog: WordPress Plugin Allows Hackers Full Control

WordPress is the wildly popular platform behind millions of personal and corporate websites. One of the most popular features of the WordPress content management system (CMS) is the ability to add new capabilities and customization via software applications called “plugins.”

As reported this week by Ars Technica, researchers have disclosed a vulnerability found in the popular WordPress plugin MailPoet. With over 1.7 million downloads, MailPoet is the latest case of an issue that is continuously plaguing WordPress users — software vulnerability. Unless continuously maintained through security updates and strict controls, software vulnerabilities can allow hackers the ability to gain complete control over your website. This includes privileged accounts and user data.

120514085458967013

One of the most effective methods to prevent the success of these exploits is through the use of a Web Application Firewall (WAF). The Web Application Firewall acts like a normal firewall, but instead of filtering network traffic, it examines and controls requests that are over HTTP and HTTPs protocols.

Dunbar Cybersecurity manages web security for many of our clients. Over the past week, our analysts have identified a significant increase in traffic scanning for these WordPress vulnerabilities. In the last 30 days, we have seen a 25% increase in WordPress Brute Force attack attempts.

If you have a website, you need to consider the potential risks posed to your organization.

Using very simple techniques, a hacker can:

  • Deface your website
  • Inject malicious code that will compromise your customers
  • Eavesdrop on customer credentials
  • Launch attacks on other servers

Any of these outcomes can greatly damage your reputation — both online and off. Did you know that websites that have a history of suspicious activity or hosting malware can be de-listed from Google?

Deploying a Web Application Firewall is so much easier than it used to be. In fact, with 15 minutes and a simple change to your DNS settings, we can protect your company’s reputation and brand from an array of online attacks.