WordPress Plugin Vulnerability

Started by Skhilled, Dec 05, 2021, 04:51 AM


Skhilled

The plugin, Variation Swatches for WooCommerce, allowed hackers to access more than 80,000 WP sites! There is a fix available:

https://www.bitdefender.com/blog/hotforsecurity/wordpress-plugin-vulnerability-affected-more-than-80-000-websites-patch-is-now-out/

Bigguy


LandyVlad

That's why the sites I make, where possible, use alternatives to WooCommerce (not always possible), because it's the plugins with a huge userbase, and especially where $ are involved, that are targeted by hackers.

I use https://wordpress.org/plugins/ecommerce-product-catalog/
I reject your reality, and substitute my own.

Bigguy


LandyVlad

Most will be.

80,000 sounds like a lot but it's tiny compared to the number of WooCommerce websites out there...

Neša

I have a small WordPress site I set up for my partner, no eCommerce, just a personal one. It has been hit daily by bots trying to gain access. I can imagine how many times an eCommerce site will be targeted.

I have a few security settings in place: I use Wordfence as the application firewall, I have an external SMTP setup (my host blocks port 25), and Cloudflare to speed up and block countries.

With all of that set up I get daily bot hits. Interesting that the biggest attack number came from the UK then Australia :dontknow


Skhilled

I remember reading about Wordfence but have never used it yet. I may need to add it to the blog I've been working on...

You have to remember that those IP/countries are most likely spoofed if they are not the real and trustworthy bots. Meaning, they are probably not actually coming from those countries. ;)

Neša

Quote from: Skhilled on Dec 10, 2021, 12:21 PM
> I remember reading about Wordfence but have never used it yet. I may need to add it to the blog I've been working on...

Yeah, I found it when I was looking for 2FA for WordPress. It isn't a bad plugin; I like the feature that allows you to block countries from the login page. I only manage the site, so I have blocked everyone except Australia from the login page.

Quote from: Skhilled on Dec 10, 2021, 12:21 PM
> You have to remember that those IP/countries are most likely spoofed if they are not the real and trustworthy bots. Meaning, they are probably not actually coming from those countries. ;)

I do think some of them are open proxies. There are also some from Oracle and Microsoft; I'm not sure why they would be testing my site.