getButterfly: code wrangling since 2005

Cyber criminals will exploit any vulnerability in any system.

Last month saw a surge in malware and web attacks. WordPress released 4 security updates, and more than 10 plugins, themes or other WordPress components were reported as insecure. The disclosures were made in due time, so authors were able to patch their code quickly and release updated versions.

[Image: Supermax Prison]

None of my plugins has been affected by the recent vulnerabilities. I have released a series of updates, mostly betas, so I have kept up with all the recent developments. ImagePress is getting closer to a new release, 5.5, which will bring several security improvements and some new features. The next few months will focus on bug fixing and code robustness, so if you get a chance to test it, I urge you to report any bugs you encounter.

Back to the first sentence and why I chose to use it: three of my clients’ websites were attacked in the past month. In the first attack, the hacker modified the theme’s category.php template, adding a multipart upload form so that PHP files could be uploaded to the server.

In the second attack, code injected into the theme footer (footer.php) inspected the request headers and redirected visitors to another web location (probably hosting more malware) based on the referer.

The third attack took place on a website that allowed unrestricted user uploads: the hacker uploaded a malformed JPEG image (this one was new to me) which was able to deploy a small PHP file in the /wp-content/uploads/ directory. The next step was to capture site requests (GET and POST) and take advantage of them.

Fortunately, the Sucuri plugin notified me in due time and I was able to remove the threats.
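A small file scanner that looks for the three indicators described above: PHP files under wp-content/uploads (including double extensions such as image.php.jpg), a file-upload form inside a theme template, and a redirect in a template whose target depends on the Referer header. This is an added example, not code from getButterfly, Sucuri or any plugin mentioned in this post; the regex patterns, the directory layout and the sample files it constructs are assumptions chosen to illustrate the checks, so tune them before running it against a real site.

```python
"""Scan a WordPress tree for the three kinds of tampering described above.

Added example, not code from getButterfly, Sucuri or any plugin on the page.
The regex patterns, the directory layout and the sample files built by
build_sample_site() are assumptions chosen to illustrate the checks.
"""
import os
import re
import shutil
import tempfile

# Indicator 1: anything a web server might execute as PHP under uploads,
# including double extensions such as "image.php.jpg".
PHP_NAME = re.compile(r"\.(phtml|php\d?)(\.|$)", re.IGNORECASE)
# Indicator 2: a file-upload form dropped into a theme template.
UPLOAD_FORM = re.compile(r"multipart/form-data", re.IGNORECASE)
FILE_INPUT = re.compile(r"<input[^>]*type\s*=\s*[\"']?file", re.IGNORECASE)
# Indicator 3: a redirect whose target depends on the Referer header.
REFERER = re.compile(r"HTTP_REFERER", re.IGNORECASE)
REDIRECT = re.compile(r"header\s*\(\s*[\"']Location:|wp_redirect\s*\(", re.IGNORECASE)


def scan_wordpress(root):
    """Walk a WordPress install and return sorted (indicator, relative path) pairs."""
    findings = []
    uploads = os.path.join(root, "wp-content", "uploads") + os.sep
    themes = os.path.join(root, "wp-content", "themes") + os.sep
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if path.startswith(uploads) and PHP_NAME.search(name):
                findings.append(("php-in-uploads", rel))
            elif path.startswith(themes) and name.lower().endswith(".php"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
                if UPLOAD_FORM.search(src) and FILE_INPUT.search(src):
                    findings.append(("upload-form-in-theme", rel))
                if REFERER.search(src) and REDIRECT.search(src):
                    findings.append(("referer-redirect", rel))
    return sorted(findings)


# Constructed sample files: a clean template, the two tampered templates the
# post describes, and a PHP file dropped next to an image in uploads.
SAMPLE_FILES = {
    "wp-content/themes/demo/index.php": "<?php get_header(); ?>\n<?php get_footer(); ?>\n",
    "wp-content/themes/demo/category.php": (
        "<?php get_header(); ?>\n"
        '<form method="post" enctype="multipart/form-data">\n'
        '<input type="file" name="f"><input type="submit"></form>\n'
    ),
    "wp-content/themes/demo/footer.php": (
        "<?php if (strpos($_SERVER['HTTP_REFERER'], 'search') !== false) {\n"
        "    header('Location: http://example.invalid/'); exit; } ?>\n"
    ),
    "wp-content/uploads/sample/photo.jpg": "placeholder, not real JPEG data\n",
    "wp-content/uploads/sample/cache.php": "<?php /* placeholder for a dropped script */ ?>\n",
}


def build_sample_site():
    """Create a throw-away directory tree containing SAMPLE_FILES; returns its root."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    for rel, body in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def demo():
    """Build the sample tree, scan it, clean up and return the findings."""
    root = build_sample_site()
    try:
        return scan_wordpress(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for indicator, rel in demo():
        print(f"{indicator:22} {rel}")
```

Run against the constructed tree, the scanner reports exactly the three tampered files and ignores the clean template and the image. A check like this complements, rather than replaces, a monitoring plugin: it catches the specific patterns it knows about, while file-integrity monitoring catches any change to the theme. For the third case, configuring the web server to refuse to execute PHP from the uploads directory is the standard mitigation, since it makes a dropped script harmless even if the scanner misses it.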

For security I use a combination of plugins, server features, CDNs and, as of last month, SSL certificates. I’ll write a more detailed article about my adventures setting up HTTPS, mixed content and WordPress.
