WordPress is a popular platform for building websites, but this popularity has made it a target for hackers. And it’s now being used to launch hacks.
It’s estimated that around 75 million websites use WordPress as the backbone for their content. But not even the largest and most profitable tech companies are immune from hacking. Vulnerabilities are present in almost every piece of software ever designed. And when these vulnerabilities are discovered they will be exploited almost instantly by hackers. WordPress has fallen foul of this all too common scenario and, as a result, 100,000 web users have felt the attentions of these hackers.
Due to the ubiquity of WordPress websites it’s likely that your organization engages with them on a daily basis. It may even be that your organization’s website is hosted through WordPress. Either way, the threat presented is one you want to avoid, so let’s take a look at it.
How Were the WordPress Sites Compromised?
Security experts Zscaler were the first to identify that WordPress sites had been compromised. The nature of the hack is sophisticated, but relatively simple to pull off. After discovering a vulnerability in the ‘theme’ plugin, which is included in WordPress sites, the hackers were able to infect the sites with malicious scripts. These scripts redirected visitors to a Flash Player update alert. However, this urgent update was fake and all that would be downloaded was a malicious file.
The file in question was a Remote Access Trojan (RAT) which allowed remote access to the infected PC. And, with unrestrained access, the hackers were granted the opportunity to download and distribute malware as well as the chance to compromise data. But this isn’t the only way in which the malware infects PCs. Those using the Chrome browser faced an additional threat. Upon visiting the infected WordPress sites, Chrome users were prompted to download an update for the ‘PT Sans’ font. Again, this is a deceptive request and downloads the RAT.
Protecting Against the WordPress Hack
If you own a website which is built on the foundations of WordPress then it’s crucial that you update the associated content management system. This will instantly prevent your website from hosting the hack and protect your visitors.
Unfortunately, it’s not always possible to tell when a website is using the WordPress system, so you should make sure you practice the following:
- Scrutinize all Popups: The sheer range of dangerous popups means that they should always be scrutinized. Fake updates tend to stress an extreme urgency which is designed to tempt users into clicking them without checking. Instead, users need to take a second and consult with an IT professional to verify the update is genuine.
- Install Anti-Virus Software: It’s vital that your organization uses anti-virus software. Not only can it identify threats such as the WordPress hack, but it is also regularly updated. This ensures that your organization is protected from all the latest threats.
- Educate Your Staff: Good training is the cornerstone of good cyber security. Therefore, you need to make sure that your employees are regularly trained against the most current threats. This approach allows your staff to remain confident online and simultaneously protects your IT infrastructure.