Attacks on WordPress websites

2017February27_WebandCloud_CWordPress is currently the most used web platform, with a market share of 40-50% out of all Content Management Solutions (CMS) platforms. It powers various types of websites, from personal sites to those of small- and medium-sized businesses as well as multinational corporations. If you run a website on WordPress, yours may have been one of the thousands of sites defaced by 20 attackers. Read on to find out more.

WordPress attacks by the numbers

In 4 separate attacks, an estimated 40,000 websites were compromised, defacing 67,000 web pages, which has quickly gone up to 1.5 million. A security release update, WordPress 4.7.2, was immediately launched to mitigate the flaw, but not everyone was able to deploy it on time, thus inflating the number of corrupted web pages.

Although WordPress took measures to ensure that the vulnerability would go unnoticed, hackers found a way to get around the initial fixes and exploited the sites that remained unpatched. Those who haven’t applied WordPress’s latest security release were the ones most harmed by the defacement campaigns, and it soon became highly publicized.

Steps taken

Fixes have been deployed and stronger patches are in the works, but hackers do not just sit around and wait to be taken down. In fact, more attacks are being launched concurrently with security developers’ attempts to strengthen blocking rules.

In preparation for further exploits, WordPress liaised with cybersecurity firms to implement protective measures. Google did their part by announcing via Google Search Console the critical security updates that webmasters must install to protect against the WordPress-specific attacks. Meanwhile, web application vendors and web hosting companies are poised to protect their customers from attacks by installing web filters on their customers’ web servers.

Despite these measures, the attacks are expected to continue and the masterminds behind them will come up with strategies more insidious than merely modifying several web pages. Updating security patches that can effectively alleviate the vulnerabilities’ impact will also take time to develop and launch.

The importance of patches

Some attacks may cause a blip on your business’s networks, while others might cause its demise. From all these attacks, one lesson is worth emphasizing: Applying the most up-to-date patches is critical to your systems’ security and business’s survival.

Unpatched systems are the easiest targets for hackers who are always on the lookout for vulnerabilities to exploit. If your organization lacks the capacity to manually update security patches, consider deploying patch management software. Keeping all your software updated with the latest patches may seem like an insurmountable task, but the price of neglecting it can cost you dearly.

WordPress remains the most widely used CMS and its popularity is not going to wane anytime soon. If your website runs on WordPress and you’re considering security options that will ensure your company is poised to handle breaches, contact us for advice.

Published with permission from TechAdvisory.org. Source.

Schedule a free 15-minute discovery call
We’ll discuss your IT requirements and assess whether we’re the right fit for you.

Share:

Liked the articles?

Well, there’s plenty more where that came from! Our incredible team is constantly on the lookout for the latest and greatest IT content to keep you informed about what’s cooking in the world of technology. Make sure you don’t miss out on our amazing content by subscribing to receive blog updates.

  • Remark: We will collect your information for marketing purposes. However, we respect your privacy rights. If you wish to access or amend any Personal Data we hold about you, or request that we delete any information about you that we have collected, please send us an email: info@mis-solutions.com
  • This field is for validation purposes and should be left unchanged.