WordPress Plugin Vulnerability

Started by Skhilled, Dec 05, 2021, 04:51 AM

Skhilled

The plugin, Variation Swatches for WooCommerce, allowed hackers to access more than 80,000 WP sites! There is a fix available:

https://www.bitdefender.com/blog/hotforsecurity/wordpress-plugin-vulnerability-affected-more-than-80-000-websites-patch-is-now-out/

Bigguy

"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

LandyVlad

That's why the sites I make, where possible, use alternatives to WooCommerce (not always possible), because it's the plugins with a huge userbase, and especially where $ are involved, that are targeted by hackers.

I use https://wordpress.org/plugins/ecommerce-product-catalog/
I reject your reality, and substitute my own.

Bigguy

"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

LandyVlad

Most will be.

80,000 sounds like a lot but it's tiny compared to the number of WooCommerce websites out there...
I reject your reality, and substitute my own.

Neša

I have a small WordPress site I set up for my partner, no eCommerce, just a personal one. It has been hit daily by bots trying to gain access. I can imagine how many times an eCommerce site will be targeted.

I have a few security settings in place: I use Wordfence as the application firewall, I have an external SMTP set up (my host blocks port 25), and Cloudflare to speed up and block countries.

With all of that setup I get daily bot hits. Interesting that the biggest attack number came from the UK then Australia :dontknow

Skhilled

I remember reading about Wordfence but have never used it yet. I may need to add it to the blog I've been working on...

You have to remember that those IP/countries are most likely spoofed if they are not the real and trustworthy bots. Meaning, they are probably not actually coming from those countries. ;)

Neša

Quote from: Skhilled on Dec 10, 2021, 12:21 PM
"I remember reading about Wordfence but have never used it yet. I may need to add it to the blog I've been working on..."

Yeah, I found it when I was looking for 2FA for WordPress. It isn't a bad plugin; I like the feature that allows you to block countries from the login page. I only manage the site, so I have blocked everyone except Australia from the login page.

Quote from: Skhilled on Dec 10, 2021, 12:21 PM
"You have to remember that those IP/countries are most likely spoofed if they are not the real and trustworthy bots. Meaning, they are probably not actually coming from those countries. ;)"

I do think some of them are open proxies. There are also some from Oracle and Microsoft; I'm not sure why they would be testing my site.