
Warning: Critical ‘Backdoor Attack’ Issued For WordPress Users


There are many platforms out there to power your website, but the most popular is WordPress, with over 60 million users. A recent Forbes article warns about an ongoing “backdoor attack” that is trying to compromise as many WordPress sites as possible. Here is what you need to know:

What do WordPress website owners need to know?

A website hacking campaign that has been ongoing since July has morphed from redirecting browsers to sites containing dodgy adverts or malicious software into something that is potentially even more problematic. Mikey Veenstra, a researcher with the Defiant Threat Intelligence team, said that "the campaign has added another script which attempts to install a backdoor into the target site by exploiting an administrator’s session."

In a warning posted to the WordFence security blog on August 30, Veenstra revealed that a malicious JavaScript dropped into compromised websites looks to "create a new user with administrator privileges on the victim’s site." If a logged-in administrator is identified as viewing the infected page, it then goes on to make an AJAX call via jQuery, one that creates a rogue administrator account.

"This AJAX call creates a user named wpservices with the email [email protected] and the password w0rdpr3ss," Veenstra said, "with this user in place, the attacker is free to install further backdoors or perform other malicious activity."
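A site owner can check for the account described above by auditing the administrator list. The following is an added example, not code from the article or from Wordfence: it assumes the administrators were exported with WP-CLI (`wp user list --role=administrator --fields=user_login,user_email,user_registered --format=csv`), and the sample rows, the approved list and the baseline date are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Account name the article reports for the rogue administrator.
IOC_LOGINS = {"wpservices"}

# Constructed sample of the WP-CLI CSV export (not real site data).
SAMPLE_CSV = """user_login,user_email,user_registered
siteowner,owner@example.com,2017-03-02 09:15:00
opsadmin,ops@example.com,2018-11-20 14:02:11
WPservices,placeholder@example.invalid,2019-08-28 03:41:07
helper,unknown@example.net,2019-08-29 22:10:45
"""


def audit_admins(csv_text, approved_logins, baseline):
    """Map each suspicious administrator login to the reasons it was flagged."""
    approved = {name.lower() for name in approved_logins}
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        key = login.lower()  # compare case-insensitively so variants are not missed
        registered = datetime.strptime(
            row["user_registered"].strip(), "%Y-%m-%d %H:%M:%S"
        )
        reasons = []
        if key in IOC_LOGINS:
            reasons.append("matches reported rogue account name")
        if key not in approved:
            reasons.append("not on approved administrator list")
            if registered >= baseline:
                reasons.append("created on or after baseline date")
        if reasons:
            findings[login] = reasons
    return findings


if __name__ == "__main__":
    # Assumed allowlist and baseline; set both for your own site.
    result = audit_admins(SAMPLE_CSV, {"siteowner", "opsadmin"}, datetime(2019, 7, 1))
    for login, reasons in result.items():
        print(f"{login}: {'; '.join(reasons)}")
```

Any administrator the check reports that you did not create yourself should be treated as a sign of compromise, not just deleted: the quote above notes that the attacker can use the account to install further backdoors.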

How are the attackers getting access to your website?

As is often the case where WordPress site compromise is concerned, the threat actors behind the current attack campaign leverage vulnerabilities in third-party WordPress plugins. The official WordPress website states that there are some 55,133 plugins available at the moment. According to an Imperva report looking at web application vulnerabilities, only 3% of these were newly added during 2018. This means that there are a lot of old plugins out there, and likely still in use, which haven't been updated for a while. Given that in the report Imperva revealed "98% of WordPress vulnerabilities are related to plugins," the extent of the problem is easy enough to grasp.

Meanwhile, Veenstra stated that the plugins that are under attack currently had been identified as follows:

If you are a WordPress-powered website owner using any of these plugins, then you are advised to check you have the latest updated versions. Follow the links above to check on update status, as most of these have already been patched. However, Veenstra warned that "it’s reasonable to assume any unauthenticated XSS or options update vulnerabilities disclosed in the near future will be quickly targeted by this threat actor."

How can you best mitigate WordPress website threats?

"As always, updating the plugins and themes on your WordPress site is an excellent layer of defense against campaigns like these," Veenstra said, "check your site for needed updates frequently to ensure you’re receiving the latest patches as they’re released."

Ethical hacker John Opdenakker says that it's "best to combine several layers of protection," so as well as those plugin update checks he says, "it’s certainly a good idea to use a web application firewall to help block cross-site scripting (XSS) attacks."

I would add that using two-factor authentication for admin access to the WordPress website isn't optional these days; it's a must-have.

This advice applies to all website owners that have taken the WordPress route to content publishing, not just the most popular or the big names online. Don't think that just because you are a little fish in a big pond that the cybercrime sharks won't bite you; they will. Criminals are always probing sites for ways to compromise them, either to use for serving malicious adverts, redirecting to other malicious websites or to get a foothold that can be leveraged as part of a bigger attack plan.
