WordPress themes and plug-ins became the latest target of suspicious attackers, according to Jetpack. For those who are using the older versions of these features, there is a possibility that you might compromise your system through their backdoors without your notice.
According to a report by PC Mag, the cybersecurity team JetPack spotted some problems linked to WordPress add-ons. It revealed that the backdoored versions of plugins and themes could be outlets of supply chain attack.
Previously, it was also revealed that there were issues with the AccessPress Themes back in September. A few days after it discovered the problem, the team uncovered another one, but it was about the app’s plug-ins.
JetPack noticed that AccessPress Themes immediately deleted the website extensions. The team added that earlier this year, WordPress launched updated plug-in versions, but not all themes received new updates per its advisory.
For the customers, this would mean sticking to the current version of features which needs to be updated as soon as possible. Jetpack reminded them to seek new theme versions. The team also said that the plug-ins to be installed should be in their latest versions.
“Please note that this does not remove the backdoor from your system,” Jetpack warned.
Furthermore, it also issued a reminder that users should reinstall a clean “WordPress” version in order to retain the necessary changes that were altered during the backdoor installation.
Related Article: WordPress Data Breach Affects 100,000 Exposed Websites After Using Responsive Menu Plugin
In the same story by PCMag, Jetpack clarified that AccessPress Themes add-ons which were obtained from the official directory of WordPress.org were not covered by the problem.
The team still recommended the users install the patched extensions regardless of this change following the removal of themes from the directory.
For those who want to access AccessPress Themes add-ons, you can go to Jetpack’s blog post for more details. Regarding the paid add-ons, it suggested that users should contact WordPress for more information about them.
Earlier this month, WP Beginner wrote a comprehensive guide for users who want to protect their blog site. According to the article, a hacked WordPress site might impact business not only its reputation but also its revenue generation.
On top of that, users’ information can also be stolen. The worst-case would be using them to carry out malicious intentions on your website.
Last month, Tech Times reported that a WordPress cyberattack affected 1.6 million websites. Amid this issue, Wordfence wrote that 13.7 million attacks were successfully patched despite a huge data breach.
In 2020, Tech Times also listed the effective ways to bar attackers from entering your WP site. Some of the methods mentioned in the article include using strong passwords, keeping plugins updated, preventing the hack using a website firewall, and more.
Read Also: Browsers Want to Block Google FloC; WordPress Calls Ad-Targeting Mechanism as ‘Terrible Idea’
This article is owned by Tech Times
Written by Joseph Henry
Sign up for our free newsletter for the Latest coverage!