• Disclaimer
  • Copyright
  • About Us
  • Privacy Policy for Netfest
  • Contact
  • Advertise
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • News
  • Review
  • Gaming
  • Gear
  • Computers
  • Applications
  • Security
No Result
View All Result
  • Home
  • News
  • Review
  • Gaming
  • Gear
  • Computers
  • Applications
  • Security
No Result
View All Result
NetFest
No Result
View All Result

WordPress Sites Under Constant Attack

Nimesh Dama by Nimesh Dama
20 May, 2020
Home News
Share on FacebookShare on Twitter

WordPress sites pages suffer 30 times more attacks than average, as Defiant reports. Attack attempts have been made on more than 900,000 websites since 28 April 2020.

Screenshot from 2020 05 20 21 50 52

What is happening?

Many attacks are accused of being carried out by the same threat actor. The same community can also exploit older established vulnerabilities in WordPress. On 3 May, there were over 20 million attacks on 500,000 sites. Around 24,000 separate IP addresses that tried to initiate attacks have been identified since last month.

The current situation

  • The attacks that exploit XSS vulnerabilities rely primarily on planting a loophole on target pages. A malicious JavaScript can be attached to each page on the web.
  • For non-XSS threats, users are attempted by modifying the URL of the web home page to the same malvertising program.

What the experts are saying

  • Ram Gall, a Defiant QA programmer, said that the range and frequency of attacks make it clear that this is not a coordinated operation. Monetization appears to be the only justification behind this movement.
  • Defiant cautioned that this wide-ranging initiative could quickly switch to other objectives.
  • WordPress plug-ins are a vital third-party attack, because more than 70% of the website’s scripts are third party.

What you can do

  • Delete and deactivate the plug-ins that have been removed from the WordPress repositories. 
  • Run a web application firewall. 

More insights

  • Wordfence has provided IOCs that can be used by site managers to test whether they are attacked.
  • Users of Wordfence are secured from XSS attacks.
  • More than half of the attacks were triggered by the Easy2Map plugin which was removed last August from the registry. Most definitely this plugin is mounted on almost 3000 pages.

In essence

The takeaway is that all plug-ins should be updated. A layered security approach is the need of the hour.

Tags: Easy2Map pluginWordPress SecurityWordpress SitesWordpress Vulnerability
Nimesh Dama

Nimesh Dama

Founder and Editor-in-Chief of 'NetFest News,' Nimesh is a cybersecurity analyst, Gadgets review, Tech News, Information Security professional, developer, and a white hat hacker

Next Post
MAD MIRAMAR MAD AHEAD OF 7 MAY LAUNCH PUBG TEASER VIDEO REVEALS PUBG MAD LAUNCH

WALTER BLACK ESP V3 Download SEASON 13 PUBG 0.18.0

Leave a Reply Cancel reply

Recommended

Valorant 1.01 Update Patch Notes: Sage nerfs, Spike Rush changes and performance updates

Valorant 1.01 Update Patch Notes: Sage nerfs, Spike Rush changes and performance updates

10 June, 2020
Microsoft offers $100,000 to hack its custom Linux OS

Microsoft offers $100,000 to hack its custom Linux OS

20 May, 2020

Trending

WordPress Sites Under Constant Attack

WordPress Sites Under Constant Attack

20 May, 2020
[ No Ban ] Antenna, Aimbot, No Root 2020 PUBG Mobile VENOM Hack

[ No Ban ] Antenna, Aimbot, No Root 2020 PUBG Mobile VENOM Hack

30 June, 2020
MAD MIRAMAR MAD AHEAD OF 7 MAY LAUNCH PUBG TEASER VIDEO REVEALS PUBG MAD LAUNCH

WALTER BLACK ESP V3 Download SEASON 13 PUBG 0.18.0

1 June, 2020
PUBG Mobile: How to register for the PUBG Mobile 0.19.0 beta update?

PUBG Mobile: How to register for the PUBG Mobile 0.19.0 beta update?

23 May, 2020
NetFest

We bring you the best Premium Tech News,Review & Penetration Testing News, magazine, personal blog, etc. Check our landing page for details.

Categories

  • Apple
  • Applications
  • Camera
  • Computers
  • Gaming
  • Gear
  • Laptop
  • Microsoft
  • News
  • Review
  • Security
  • Smartphone

Recent News

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

20 August, 2021
If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

11 July, 2021
  • Trending
  • Comments
  • Latest
For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

For free, you may get the BGMI iOS App from the following link: Is BFMI iOS Download for free in 2 GB Ram? The complete list of iPhones

20 August, 2021
If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

If you are discovered hacking or cheating in Battlegrounds Mobile India, there are three methods you may go about reporting it.

11 July, 2021
  • Disclaimer
  • Copyright
  • About Us
  • Privacy Policy for Netfest
  • Contact
  • Advertise

© 2020 NetFest - Tech News,Review & Penetration Testing News. by NetFest.

No Result
View All Result
  • Home
  • News
  • Review
  • Apple
  • Applications
  • Computers
  • Gaming
  • Gear
    • Laptop
    • Camera
    • Smartphone
  • Microsoft
  • Smartphone

© 2020 NetFest - Tech News,Review & Penetration Testing News. by NetFest.

Go to mobile version