NEW YORK – A few months ago, in September, I wrote about a plugin (Display Widgets Plugin) that was sold to someone who used it to compromise over 200,000 websites, which is roughly how many installs it had and how many sites it targeted. It was a big deal then, and it is an even bigger deal now, because it has come to light that the same acquisition tactic has been used again, this time with Captcha Plugin, to compromise 300,000 sites.
According to WordFence (which has become so useful and important to me that I might not run WordPress sites without it), Captcha Plugin was released with an update that triggers a process that downloads a ZIP file, then extracts and installs it as a newer version carrying a backdoor. The backdoor takes control of the administrative user (ID 1) by setting authentication cookies for that account, then deletes itself and every file-system trace of the backdoor, making it look as if it was never there and helping it avoid detection.
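As an added defensive illustration (not code from this post or from WordFence), here is a Python heuristic that scans plugin PHP sources for the chain described above: remote download, archive extraction, a forged session for user ID 1, and self-deletion. The indicator patterns, the risk tiers and the two sample sources are assumptions and constructed fixtures, not WordFence's signatures.

```python
"""Heuristic scan of WordPress plugin sources for an update-borne backdoor
chain: remote ZIP download, extraction, forged admin (ID 1) session, and
self-removal. Patterns are assumed indicators; samples are constructed."""
import re
from pathlib import Path

# Assumed indicator patterns; each matches a real WordPress/PHP call name.
INDICATORS = {
    "remote_fetch": re.compile(r"\b(wp_remote_get|download_url|curl_exec)\s*\("),
    "archive_extract": re.compile(r"\b(unzip_file|ZipArchive|extractTo)\b"),
    # Setting an auth cookie for a literal user ID of 1 forges the admin login.
    "forged_admin_session": re.compile(r"\bwp_set_auth_cookie\s*\(\s*1\s*[,)]"),
    # A plugin file removing itself is the anti-forensic step described above.
    "self_delete": re.compile(r"\bunlink\s*\(\s*__FILE__\s*\)"),
}
HIGH = {"forged_admin_session", "self_delete"}  # suspicious on their own


def scan_source(src: str) -> set:
    """Return the names of every indicator found in one PHP source string."""
    return {name for name, pat in INDICATORS.items() if pat.search(src)}


def assess(hits: set) -> str:
    """Map indicator hits to a risk tier (assumed tiers, not a vendor scheme)."""
    if hits & HIGH:
        return "high"
    if {"remote_fetch", "archive_extract"} <= hits:
        return "medium"  # fetches and unpacks code outside the normal update path
    return "low"


def scan_plugin_dir(root) -> dict:
    """Map each .php file under root to (hits, risk) for triage."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_source(path.read_text(errors="ignore"))
        report[str(path)] = (hits, assess(hits))
    return report


# Constructed fixtures: a benign feed fetch and an indicator-only skeleton.
BENIGN = """<?php
$r = wp_remote_get( 'https://example.com/feed' );
set_transient( 'feed', wp_remote_retrieve_body( $r ), HOUR_IN_SECONDS );
"""
SUSPICIOUS = """<?php
$tmp = download_url( $remote );
unzip_file( $tmp, WP_PLUGIN_DIR );
wp_set_auth_cookie( 1, true );
unlink( __FILE__ );
"""
```

Run `scan_plugin_dir("wp-content/plugins")` against a site checkout and review every file rated "high" first; a "medium" hit in a plugin that legitimately installs add-ons may be a false positive.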
Moral of the Story: The Boogeyman is coming!
If you run a WordPress site without taking security seriously, then even if you do everything right – update all your plugins, periodically change your logins, etc. – there is a good chance a clever hacker, or a nefarious user who bought their way into your network, is going to get you anyway; it is just a matter of time.
So you’ve got to be one step ahead of him.
If you are using a WordPress website, I recommend you install the WordFence Plugin, and I also recommend you follow their blog by opting in to their newsletter, which sends email notifications about the need-to-know threats they are seeing and, in most cases, fixing automatically to keep you safe. I use their Free Version because I have several WordPress websites, but their Premium Version is supposed to be better. I would like to see them release an owner-level premium version and better multi-license pricing.