👇 Threat actors hijack outdated WordPress sites👇
🌐 Welcome our very first news video about Hosting and all things related to it!
About us: our dedicated team of security researchers and investigative journalists regularly delves into previously unexplored depths of online security and privacy in order to shed light on stories that often have an unseen influence on the online world at large. A number of our investigations and reports have been featured by industry-related publications and global news leaders like Forbes, PC mag, Techradar.
A few months ago the Cybernews threat research team found something very concerning – more than 500 WordPress websites were compromised, and over 300 of them were serving malicious ads or code, without even knowing. How?
One word – Outdated WordPress. But it wasn’t just breaking into your WordPress itself, the team found malicious PHP scripts that were masquerading as seemingly legitimate WordPress plugins.
Automated attacks were then launched against older versions of WordPress sites to insert malicious code that led to previously hacked websites.
It is thought that the first phase of this attack compromised four WordPress sites that were used to host command and control scripts, while the second stage mostly targeted older versions ranging from 3.5.1. to 4.9.1.
After looking into each case a bit more, our team found that the most affected countries were the US (201 websites), followed by France (62 websites), Germany (51 websites), and the UK (34 websites). Most sites were on 3 hosting providers – OVH SAS – 55 websites hacked, Unified Layer (53 websites), and GoDaddy (43 websites).
Now our team has notified the provider that hosted the main attack websites, and it seems like they have cleaned the malicious code, and told the site owner what was happening with it.
So, how do you make sure your site doesn’t fall into the same trap?
👉 The answer is: update, update, and update. I had a few “weirdly” or badly built websites where I couldn’t upgrade because it would break everything, so I get that, but in the long run, those sites still broke or caused many more problems.
👉 There’s a reason everyone is telling you to keep your things up to date, plugin creators and programmers work non-stop to improve security and make things better.
👉 Also, newer versions of WordPress allow you to enable automatic updates to nearly all plugins, so go to your site now and make sure this is enabled.
How do you pick a secure hosting provider?
🔒 Look at security features, a weekly backup is usually a good failsafe in a lot of situations. Make sure the provider has real-time threat scanning, DDoS protection, and Web Application Firewall.
🔒 Nowadays I give special attention to what PHP versions the provider has to offer and what PHP runs their shared servers. It’s not only important that they have the newest PHP versions available, but it’s also essential that they don’t run or give the option to run old versions.
🔥Take a look at our secure, recommended providers:
Keep up to date with the latest news:
➡️ Visit our site
➡️ #cybernews #HostingNews #WordPressnews #wordpress
Xem thêm: https://grenadesandwich.com/kinh-nghiem-wordpress/