Hackers now seem to have turned their attention to sites built with WordPress. Thousands of sites were reportedly hacked in April alone, according to a newly released report.
One of the first content management systems that comes to mind when it comes to creating and editing a site. WordPress‘Truck. The fact that WordPress is a free and easy-to-understand personal publishing system is one of the main reasons it’s so popular with bloggers and amateur websites in particular.
If you’ve visited a website recently and were randomly redirected to the same pages with “resources” or unwanted advertisements, it could mean two things: The site in question was most likely either built with WordPress tools or has been hacked. According to a new study, WordPress themes and plugins that are known to have security vulnerabilities, hackers may be on target.
Hackers attacked 6,000 sites in the past month alone
Researchers at Sucuri, a GoDaddy-owned security provider, have found that hackers can access WordPress themes and plugins with known vulnerabilities. malicious scripts He warns of injecting. Using plugins and themes affected by the new exploit in question. 322 Stating that it is a WordPress site, researchers from Sucuri say the actual number of websites affected is likely to be higher than that. much more also points out.
Sucuri malware analyst Krasimir Konov said that in April alone, hackers 6,000 reports that he attacked the site using this tactic. Konov stated that hackers’ intrusions were noticed as a result of investigating WordPress sites with unwanted redirect complaints; the files and databases of all these sites are hidden a malicious JavaScript means it contains. Users of this JavaScript phishing pages and malware Konov noted that he directed them to pages containing; He adds that users may not realize that they are in a dangerous situation most of the time, because the redirected landing page looks quite innocent.
In his statement on the subject, Konov said, “This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If users click on the fake CAPTCHA, they choose to receive unwanted advertisements even when the site is not open, and the advertisements are not from a browser, from the operating system It looks like it’s coming” uses expressions.
Worse still, Konov said opt-in maneuvers for push notifications were used by hackers to enable tech support scams. most often He underlines that it is one of the methods he uses. This fraud method; suddenly appear on your device. virus It contains windows saying it’s infected and you need to call a phone number to fix the problem. As a result of users falling into this tonga and calling the number, hackers achieve their goals.
WordPress states that plugins and themes are regularly scanned
Speaking to Gizmodo, WordPress.com said that plugins and themes independent It records that they are written as Regarding Sucuri’s report, Şirker said that all plugins or themes available on WordPress.org “for vulnerabilities regular scanned as it states.
RELATED NEWS
OpenSea’s Official Discord Channel Has Been Cyber Attacked: Thousands of Dollars of NFTs Stolen in a Short Time!
“If security issues are detected, plugin and theme authors will be notified. prompt information is given. According to Sucuri’s report, any unpatched plugin is either down or not hosted on WordPress.org. WordPress.org also provides security-related resources to both theme developers and plugin developers.” A WordPress.com spokesperson adds that by default, WordPress notifies and encourages its users to update core software, plugins, and themes.