WordPress Security Breach Used Vulnerabilities in Plugins and Themes
BY Bigger Law Firm Magazine
- Over 1 million sites have been affected by the Balada Injector since 2017.
- The malware allows attackers to generate fake WordPress admin users.
- The report underscores the importance of keeping plugins and themes updated.
Over one million WordPress websites have been infected by a malware campaign called Balada Injector since 2017, according to cybersecurity firm GoDaddy's Sucuri. The attackers behind the campaign use all known and recently discovered vulnerabilities in WordPress themes and plugins to breach sites. They typically play out their attacks in waves once every few weeks, making them difficult to detect. The Balada Injector campaign is characterized by its use of String.fromCharCode obfuscation, freshly registered domain names that host malicious scripts on random subdomains, and redirects to various scam sites.
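As an added illustration (not code from this article or from Sucuri's report), the following JavaScript sketch shows how a site owner could scan file contents for long String.fromCharCode calls and decode them for review. The function names, the eight-code threshold, the keyword patterns and the sample input are all assumptions made for this example.

```javascript
// Added example: locate and decode String.fromCharCode(...) runs in file contents.
// MIN_CODES and the review patterns are assumptions, not values from the report.
const CALL_RE = /String\s*\.\s*fromCharCode\s*\(([^)]*)\)/g;
const MIN_CODES = 8; // short calls are common in legitimate code, so ignore them

// Parse one argument list; return null unless every argument is a numeric literal.
function parseCodes(argList) {
  const codes = [];
  for (const part of argList.split(",").map((p) => p.trim())) {
    if (!/^(0x[0-9a-f]+|\d+)$/i.test(part)) return null; // variable or expression
    const n = Number(part);
    if (n > 0xffff) return null; // not a valid UTF-16 code unit
    codes.push(n);
  }
  return codes;
}

// Return one finding per long, all-literal String.fromCharCode call.
function findCharCodeRuns(source) {
  const findings = [];
  for (const m of source.matchAll(CALL_RE)) {
    const codes = parseCodes(m[1]);
    if (!codes || codes.length < MIN_CODES) continue;
    const decoded = String.fromCharCode(...codes);
    findings.push({
      line: source.slice(0, m.index).split("\n").length, // 1-based line number
      decoded,
      // Decoded text that builds a script tag or URL deserves manual review.
      suspicious: /<script|https?:\/\/|\.src\s*=|createElement/i.test(decoded),
    });
  }
  return findings;
}

// Constructed sample input: one benign short call and one long encoded string.
const encode = (s) => Array.from(s, (c) => c.charCodeAt(0)).join(",");
const SAMPLE = [
  "var nl = String.fromCharCode(10);",
  "var title = 'Practice areas';",
  "var t = String.fromCharCode(" +
    encode('<script src="https://sub.example.invalid/x.js"></script>') + ");",
].join("\n");

console.log(findCharCodeRuns(SAMPLE));
```

A finding is a prompt for manual review rather than proof of infection, since legitimate minified code can also use this function.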
The malware allows attackers to generate fake WordPress admin users, harvest data stored on hosts, and leave backdoors for persistent access. It also carries out broad searches from top-level directories associated with the compromised website's file system to locate writable directories that belong to other sites. In this manner, just one compromised site can potentially grant access to several other sites for free.
WordPress users are advised to keep their website software up to date, remove unused plugins and themes, and use strong WordPress admin passwords. When the attack pathways described above are unavailable, the attackers brute-force the admin password using a set of 74 predefined credentials.
The lesson here is clear: law firms must keep their WordPress plugins up-to-date and ensure their website is protected against these types of attacks. This includes using strong passwords, removing unused plugins and themes, and regularly backing up site data.