
WordPress Websites Have Been Targeted through File Manager Plugin Weakness

Posted on September 17th, 2020

A recently updated WordPress plugin known as “File Manager” was exploited by hackers last week, affecting millions of websites published and hosted by the content management platform. File Manager is currently installed on more than 700,000 websites; however, as the attacks grew in intensity, the number of targeted sites swelled. Information about how the hackers learned of the zero-day vulnerability is presently limited. However, it is clear that the attack started early, slowly and deliberately, and then rapidly gained steam.

Details of the Recent File Manager Plugin Attacks

The developers of the popular WordPress plugin, File Manager, attempted to resolve a critical zero-day flaw at the beginning of September. Although the vulnerability was already in the crosshairs of eager hackers, the prevailing hope was that the patch would prevent further disaster.

Specifically, the problem arose from elFinder project code: developers attempted to improve functionality by renaming a central file, changing it from a .dist file to a .php file. Unfortunately, this backfired severely, opening up a route of attack for hackers. About two weeks after a patch was released to address the plugin’s existing weaknesses, more threats piled on, with their sights set on unpatched File Manager installations.

When the attack was in its infancy, Defiant’s Threat Analyst provided a brief assessment of the circumstances. “Attacks against this vulnerability have risen dramatically over the last few days,” he noted. The number of compromised sites that were attacked in the following days quickly exploded to more than 1.7 million, later ballooning to 2.6 million by September 10. According to Gall, the attacks are likely much more widespread than experts are currently aware of.

Officials at Wordfence explained the situation further: “We’ve seen evidence of multiple threat actors taking part in these attacks, including minor efforts by the threat actor previously responsible for attacking millions of sites. But two attackers have been the most successful in exploiting vulnerable sites, and at this time, both attackers are password protecting vulnerable copies of the connector.minimal.php file.”

How to Protect Your Website from Hackers

The explosion in the number of sites impacted by the File Manager vulnerability was driven primarily by site owners’ slowness to act. Although a patch was quickly released to resolve the issue, millions of sites were attacked because the updated, patched version of the plugin had not been installed.

To avoid becoming one of the millions of people affected by such mistakes, simply set your plugins to automatically update themselves whenever a new update is released. This way, you do not have to repeatedly check your plugin details to determine whether it requires updates or not.

Though many people regard plugin and other software updates as tedious and unnecessary, incorporating these automations into your site can prevent devastating losses. (Such risks were incredibly high in this case, since File Manager allows administrative users to fully manage site content and data, from copying and pasting to archiving.) Review your cybersecurity often by ensuring all installations on your site are functioning as intended and are equipped with the latest patches from developers.
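One way to run that review for this specific issue, as an added example that is not code from Wordfence, the plugin's developers or this blog: the script below walks a WordPress install, reports every plugin that ships a copy of connector.minimal.php, and flags it when its version is below a minimum you supply. It assumes the standard wp-content/plugins layout and a "Version:" plugin header; the minimum version must come from the plugin's own changelog, and the plugin names and version numbers in the sample tree are constructed.

```python
import os, re, sys

CONNECTOR = "connector.minimal.php"  # file name quoted in the article
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][\w.\-]*)", re.M | re.I)

def plugin_version(plugin_dir):
    """Return the 'Version:' header from a PHP file in the plugin's top directory."""
    for name in sorted(os.listdir(plugin_dir)):
        if name.endswith(".php"):
            with open(os.path.join(plugin_dir, name), errors="replace") as fh:
                match = VERSION_RE.search(fh.read(8192))
            if match:
                return match.group(1)
    return None

def version_tuple(version):
    """'1.10' -> (1, 10), so 1.10 sorts after 1.9."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def audit(wp_root, min_version):
    """One finding per copy of the connector file under wp-content/plugins."""
    plugins = os.path.join(wp_root, "wp-content", "plugins")
    findings = []
    for dirpath, _dirs, files in os.walk(plugins):
        if CONNECTOR not in files:
            continue
        slug = os.path.relpath(dirpath, plugins).split(os.sep)[0]
        version = plugin_version(os.path.join(plugins, slug))
        # An unreadable version is treated as outdated so it gets reviewed.
        outdated = version is None or version_tuple(version) < version_tuple(min_version)
        findings.append({"plugin": slug, "version": version, "outdated": outdated,
                         "connector": os.path.join(dirpath, CONNECTOR)})
    return findings

def build_sample_tree(root):
    """Constructed sample site: one plugin ships the connector, one does not."""
    plugins = os.path.join(root, "wp-content", "plugins")
    for slug, version, has_connector in [("example-file-manager", "1.0", True),
                                         ("other-plugin", "3.2", False)]:
        os.makedirs(os.path.join(plugins, slug, "lib"))
        with open(os.path.join(plugins, slug, slug + ".php"), "w") as fh:
            fh.write(f"<?php\n/**\n * Plugin Name: {slug}\n * Version: {version}\n */\n")
        if has_connector:
            open(os.path.join(plugins, slug, "lib", CONNECTOR), "w").close()

if __name__ == "__main__":  # usage: audit.py <wordpress-root> <minimum-version>
    for finding in audit(sys.argv[1], sys.argv[2]):
        print(finding)
```

Any finding marked outdated is a plugin to update first; the connector path in each finding is the file to inspect if the site may already have been reached.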

To discuss your WordPress security needs, contact Ancell Marketing today at 778-285-2288.