If your business or organization uses WordPress to run your website or blog, you’re going to want to read this post. A recently discovered vulnerability is being used to make over 20,000 WordPress sites attack and infect other WordPress sites. You need to act immediately to confirm you are not already infected, and to protect your site from the attack reaching you in the future.
In a blog post published by the WordPress security firm Defiant, it was reported that malicious actors have recruited over 20,000 WordPress sites into a botnet. A botnet is a network of private computers and servers infected with malicious software that controls them as a group without the owners’ knowledge. The botnet allows the malicious actors to send commands to these infected devices, which then carry out the actual attack. Once infected, the WordPress sites send slews of login attempts through a weakness in the platform, hoping to find an account login that works. Once a login works, the botnet infects that site and continues growing.
How to Check Your WordPress Site:
You can run a scan on your site using a tool made by Sucuri that searches for known malware, blacklisting status, website errors, and out-of-date software. Developers have noted that if numerous sites are blacklisting yours, you may be infected. Without coding abilities, it will be difficult to tell whether you are infected. If you believe you are infected, Wordfence (owned by Defiant) offers a site cleaning service. The service includes cleaning of infections, a security analyst investigation of how the infection gained entry, removal of malicious code and malware links in your site’s content, a written report, work to remove your site from search engine blacklists, and a checklist to protect against future attacks.
How to Defend Your Site:
This botnet gains access by guessing login credentials, so have all users reset their passwords. Stress that they use a long, unique passphrase that is used only for WordPress. If your employees complain about remembering passwords, have them use a password manager.
Another area to look at is your WordPress site settings. Under Settings > Login Lockdown you can limit the number of failed attempts allowed before an account is locked out.
Update to the most current version. The newest version has upgraded features to avoid this infection. There are also numerous plugins that can enable this setting for you. If you get a plugin to manage these settings, make sure it includes XMLRPC gateway protection. Although it sounds very technical, this is the specific method exploited by the botnet attack. Wordfence also offers a subscription to its real-time monitoring and security services.
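As an added example that is not part of the original post or of any Wordfence/Defiant tooling, here is a small Python script that applies the failed-attempt lockout idea from the web-server log side: it flags any client that bursts POST requests at xmlrpc.php or wp-login.php, the endpoints the botnet's password guessing goes through. The log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Apache combined-log lines (not from any real site): one client sends a
# burst of POSTs to xmlrpc.php, one pokes wp-login.php twice, one is a normal visitor.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Dec/2018:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Dec/2018:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Dec/2018:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Dec/2018:10:00:08 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.5 - - [05/Dec/2018:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 2540 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Dec/2018:10:00:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.5 - - [05/Dec/2018:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 2540 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Dec/2018:10:00:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
LOGIN_ENDPOINTS = {"/xmlrpc.php", "/wp-login.php"}  # where WordPress password guessing lands

def parse_line(line):
    """Return (ip, timestamp, method, path) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_login_bursts(lines, threshold=5, window_seconds=60):
    """Map each client IP to its total login-endpoint POST count if it sent at least
    `threshold` such POSTs inside any `window_seconds`-long span (sliding window).
    Counts POSTs, not failures: WordPress answers a failed login with HTTP 200 too."""
    stamps_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3] in LOGIN_ENDPOINTS:
            stamps_by_ip[rec[0]].append(rec[1])
    flagged = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()  # lines may be written out of order
        start = 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1  # drop timestamps that fell out of the window
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    print(find_login_bursts(SAMPLE_LOG.splitlines()))  # {'203.0.113.10': 5}
```

The flagged addresses are candidates for a temporary block at the web server or firewall, and the same threshold is what a Login Lockdown or XML-RPC protection plugin enforces inside WordPress.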
Lastly, seriously consider adding multi-factor authentication to your WordPress site. There are many free plugins and services that can do this for you. With multi-factor authentication, it will be even more difficult for malicious actors to access accounts, even if they have the correct login information.