Sites defaced as WordPress thousands are left unpatched

A vulnerability in WordPress has led to attacks against hundreds of thousands of webpages

WordPress

Hundreds of thousands of webpages have been defaced after hackers targeted WordPress via a "severe" bug that was patched last month. 

Security firm Sucuri notified WordPress of the content injection bug on 20 January, though the CMS and blogging platform developer waited to warn the public in order to give time for hosting firms that use the software to install a patch. WordPress rolled out a patch to all users on 26 January.

"We believe transparency is in the public's best interest. It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites," the company said at the time.

WordPress said most of the hosts it works with had installed the patch or had other protections in place within days of the security notification being received. As of the beginning of February, WordPress said it had seen "no attempts to exploit this vulnerability in the wild".

That appears to have changed in the intervening ten days, with other security firms reporting attacks had started. Security firm WordFence reported it has seen 20 different hacking groups using the flaw to target 40,000 sites that remain vulnerable.

"This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites," said founder Mark Maunder in a blog post. "During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor."

Defaced sites are left with images bragging that the hacker "was here", with similar statements left in the title of the page so it shows up in Google searches. Maunder said any sites that suffer the flaw will "continue to be defaced and re-defaced" unless they upgrade to WordPress 4.7.2 or, rather handily, sign up for WordFence's firewall service.

Sucuri also reported multiple instances of the vulnerability being abused, but said many WordPress users are not updating their sites, either because they're unaware of the issue or unable to update for technical reasons. "This is leading to a large number of sites being compromised and defaced," said Daniel Cid, founder and CTO Sucuri.

"Attackers are starting to think of ways to monetise this vulnerability," noted Cid. "Defacements don't offer economic returns, so that will likely die soon." Instead, he predicted hackers would start to use the technique for SEO spamming campaigns or to spread malware.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020