390000 WordPress Sites Compromised

The Scale of the Attack: 390,000 WordPress Sites Compromised

In a staggering cybercrime incident, approximately 390,000 WordPress websites have been compromised. This large-scale attack has sent shockwaves across the security community.

Cybersecurity researchers at Datadog Security Labs and SpyCloud spotted the attack. The researchers concluded that all developers should be extra careful when using open-source software.

For UK businesses, this is a stark reminder of the importance of maintaining up-to-date security protocols. It’s important to note that cyberattacks are a common threat, with around 50% of UK businesses experiencing some form of cyber security breach or attack in the past year.

How the Attack Worked

Hackers targeted an open-source package (XML-RPC) used by developers for remote communication between third-party systems, which makes this a supply chain attack.

In WordPress, XML-RPC enables common day-to-day actions such as:

  1. Remote Publishing: Allows users to publish, edit, and delete posts from external applications.
  2. Media Uploads: Enables the uploading of media files from external applications.

Protecting Your Business: Steps to Secure Your WordPress Site

To secure XML-RPC on WordPress sites, here are some best practices:

  1. Disable XML-RPC if Not Needed – If you don’t require XML-RPC for remote publishing or other purposes, consider disabling it altogether.
  2. Use Strong Passwords and Authentication – Ensure that all user accounts on your WordPress site have strong, unique passwords and use 2FA.
  3. Monitor and Limit Access – Limit access to XML-RPC by IP address if you need to keep it enabled for specific purposes.
  4. Implement a Good Security Plugin for WordPress – Wordfence can help detect and prevent XML-RPC exploits.
  5. Keep your website always updated and backed up.
  6. Regularly Update Passwords: Change passwords every 60 to 90 days.
  7. Change the Default Login URL – Our development team recommends this because hackers target the default login URL (yourdomain.com/wp-login.php). All WP users should change the login URL using a plugin like WordPress hide login to avoid CMS compromises.
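
The following added example (not from the original article or from Speedster IT) shows one way to check web server access logs for the activity items 3 and 7 describe: it counts POST requests to /xmlrpc.php and /wp-login.php per client IP and reports those coming from outside an allowlist. The Combined Log Format, the sample log lines, the allowlisted network and the threshold are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed input: Combined Log Format (client IP, identity, user, [time], "request").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)
WATCHED = ("/xmlrpc.php", "/wp-login.php")

# Constructed sample lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
203.0.113.7 - - [10/Dec/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
203.0.113.7 - - [10/Dec/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
198.51.100.20 - - [10/Dec/2024:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512
198.51.100.20 - - [10/Dec/2024:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512
198.51.100.20 - - [10/Dec/2024:10:03:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512
192.0.2.44 - - [10/Dec/2024:10:05:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1500
192.0.2.44 - - [10/Dec/2024:10:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1500
192.0.2.44 - - [10/Dec/2024:10:05:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1500
192.0.2.44 - - [10/Dec/2024:10:05:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1500
192.0.2.99 - - [10/Dec/2024:10:06:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
""".splitlines()


def audit(lines, allowed_networks, threshold=3):
    """Return {(ip, endpoint): count} for POSTs from non-allowlisted IPs
    that reach the threshold. Unparseable lines are skipped."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path not in WATCHED:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # first field was a hostname or junk
            continue
        if any(ip in net for net in nets):
            continue  # known publishing tool or office network
        hits[(str(ip), path)] += 1
    return {key: n for key, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for (ip, path), n in audit(SAMPLE_LOG, ["198.51.100.0/24"]).items():
        print(f"{ip} sent {n} POSTs to {path}")
```

IPs reported here are candidates for blocking at the firewall or web server, or a sign that XML-RPC should be disabled if no legitimate client appears in the log.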

Lessons Learned: Ensuring Robust Management of Third-Party Publishing and Remote Communication tools within WordPress

The recent cyberattack highlights the importance of working closely with your website developers, managers, and marketing teams. It’s essential to regularly audit how third-party publishing tools and remote communication systems are managed on your website.

Key steps include:

  1. Conduct Regular Audits: Frequently check the tools and plugins you use to ensure they are secure and up to date.
  2. Maintain Communication: Keep open lines of communication with your marketing, hosting and IT teams to quickly address any issues that arise.
  3. Implement Security Protocols: Follow stringent security measures to prevent vulnerabilities.
  4. Monitor Performance: Be aware that unaddressed vulnerabilities can lead to website slowdowns and increased operational costs.

By focusing on these areas, businesses can better protect themselves from cyber threats, ensuring their websites remain resilient and secure.

Protect Your WordPress Website: Consider Dark Web Monitoring

Considering the recent cyberattack that compromised 390,000 WordPress websites, it’s crucial for businesses to ensure their credentials haven’t been stolen.

We highly recommend considering dark web monitoring tools to detect if your WordPress credentials have been compromised. By doing so, you can take immediate action to secure your site and prevent unauthorized access.

For those interested, Speedster IT offers robust dark web monitoring services, WordPress website hosting, data backup services, disaster recovery services, and WatchGuard endpoint protection, tailored to help you stay ahead of potential threats.

TechRadar. (2024). Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen. Retrieved from https://www.techradar.com/pro/security/huge-cybercrime-attack-sees-390-000-wordpress-websites-hit-details-stolen