WordPress has become something that many businesses now rely on to ensure that they can run, that they can create content and that they can share their product or service with the world. For the most part, WordPress works really well and has proven to be an effective tool for those businesses, however, of late, it seems that there have been some security issues picked up.
Recently, hackers identified what could be seen as a critical vulnerability within WordPress. Found in a plugin called WP File Manager. After being picked up, the flaw did receive a patch from the developers of the Plugin, but it seems that it may have been too little, too late.
The flaw has already been exploited by hackers and seeing as the plugin is used to upload files, this could be quite worrying.
HOW WAS IT FOUND?
Seravo, which is a Finnish WordPress service provider, were the one who alerted the WPScan WordPress Vulnerability Database of the issue. They believe that even though the issue was picked up and dealt with quickly, there have been some WordPress sites compromised due to the flaw in the plugin.
It has to be said that it is not known how many websites are affected and what happened to them, simply because it can take a number of days to even find out that you have been hacked; let alone identify the damage.
It is, however, hoped, that because the attacks were detected (and a patch set up) quickly, the damage that can occur has been limited. That said, there are still concerns about this happening in the first place as the bug means that script and in particular the vulnerable script that relates to the website can be accessed directly, without even having to load into WordPress, even if the plugin has been deactivated within the WordPress site.
With as many as 700,000 installations of the plugin currently active, it has been recommended that you should take a look at your WordPress website if you are an admin on the website.
WHAT CAN I DO?
Aside from being vigilant, it is important that you download the latest WordPress update in order to fix the bug and protect your WordPress site. Whilst this will work, if you have already had hackers using the hole to gain access to your site, then this may not be enough.
For these WordPress sites, a reinstallation of the entire system should be enough to get rid of the hacker’s files and then free up your WordPress site and ensure that you are keeping your website and your customer’s details as safe as possible.