WordPress is one of the most – if not the most – popular website package on the web. Both professional web designers and less professional web designers use it. One of the reasons it is so popular is that with a little work, anyone can alter the code or download a plug-in to customise WordPress for themselves.
These are also the reasons that make WordPress a prime target for threat actors. Hackers exploit any cyber security issues in the WordPress ecosystem as it is guaranteed to reach many thousands of potential victims. Here is the latest faulty plug-in.
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)
Your takeaway
You might not be using the flawed version of the Popup Builder plug-in, but this attack depended on an older, unpatched version of the plug-in, which should have been updated! So, do you know if your WordPress website (or insert the website software/plug-ins you are using here) is patched and cyber secure?
You should. Read this to find out how complacency could be impacting your reputation and cyber security:
How much are you relying on your web designer to protect your reputation? – CyberAwake
The same situation applies if you have custom apps written for your organisation – they need verifying as well.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
For more information on the issues have a read of this:
