From Hacked Servers to Vulnerable Themes, What's Up With WordPress?
November 27, 2021
What's up with WordPress this time?
Apparently, GoDaddy disclosed a recent security breach that may have exposed 1.2 million accounts, and the customers most affected were WordPress website owners using their hosting services.
There's always something up with WordPress regarding security vulnerabilities, so we'll be mentioning two vulnerabilities that have occurred this November.
Hackers breached GoDaddy's WordPress servers around September 6. It wasn't until November 17 that the U.S. Securities and Exchange Commission discovered that their own website had been attacked.
It's unclear if passwords protected by two-factor authentication were stolen, but what GoDaddy knows is someone used a stolen password to get access to their systems.
Whether active or not, WordPress sites had email addresses and customer phone numbers exposed, which could be used to pull off phishing attacks.
Here's what else was exposed to cybercriminals.
For active WordPress websites, the usernames and passwords used to store people's content in a database were leaked, as well as the sFTP credentials for file transfers.
Surprisingly, some WordPress site owners had to receive new SSL certificates after GoDaddy realized that SSL private keys were leaked. This could allow hackers to impersonate someone else's website and do harm.
GoDaddy is reviewing who was affected, has told customers to reset their passwords, and has reissued SSL certificates.
The next headline is about a WordPress template plugin vulnerability that hit over one million sites.
The Starter Templates plugin, created by Brainstorm Force developers, had a cross-site scripting weak point that let attackers upload their own malicious code. Bad actors could completely take over a website and potentially do harm to visitors.
This plugin is used in over 280 templates and is compatible with drag and drop web editors such as Elementor, Beaver Builder, Gutenberg, and the Astra theme.
The concerning issue about the plugin's vulnerability was that it allowed sinister code to be saved on the server of the attacked site itself.
And this just adds to the problems we see in the traditional digital marketing industry when you're not doing True Digital Marketing.
When you use WordPress, you're not only working in an unoptimized environment using separate tools and plugins, but you're exposing yourself to hackers. Plugin developers are responsible for maintaining their software, and all that third-party code can be accessed if it isn't updated frequently.
Experiencing security issues is one less thing you have to worry about when you switch to WebFindYou's True Digital Marketing Technology.
Peace of mind and simplicity.