Hacking WordPress Websites: Attackers have come up with a new method of installing backdoor plugins on websites powered by WordPress.
The technique takes advantage of weaknesses in WordPress.com accounts and the Jetpack plugin.
Compromising a website with this technique is quite difficult, and the attacker has to go through multiple steps to attack a WordPress website.
The attacks started on May 16, according to a report released by the WordPress security firm Wordfence.
In the first step of the attack, the hackers take usernames and passwords from public data breaches and use them to attempt to log in to users' WordPress accounts.
Users who have reused passwords across different websites and have not enabled two-factor authentication on their profiles are especially exposed, because their accounts are easy to take over.
Jetpack is the analytics plugin for WordPress, and the most popular one for WordPress sites.
The plugin can connect a self-hosted WordPress site to a WordPress.com account, so that the Jetpack panel inside WordPress.com can be used with it.
Jetpack provides the ability to install plugins across different sites from the WordPress.com Jetpack dashboard alone.
The plugin lets a criminal easily upload a ZIP file containing malicious code that can then be sent to each site.
Hackers can take huge advantage of this remote management feature to deploy backdoors to previously secure websites.
Experts also say that on May 16 the hackers deployed a plugin named “Pluginsamonsters”, and that on May 21 they switched to another plugin named “wpsmilepack”.
“Basically, the plugin is visible in the WordPress dashboard but invisible on the target WordPress site’s plugin list when active.”
The Wordfence team said, “If bloggers find any sort of suspicious activity on their website, they should immediately change the password for their WordPress.com website.”
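A defender-side check for the hiding behaviour described above, as an added example that is not from Wordfence's report or the original article: it compares what is on disk in the plugins folder with the slugs the site's own plugin list shows, and flags the two reported plugin names. The default `wp-content/plugins` path, the use of the reported names as folder slugs, and the sample tree are assumptions or constructed data.

```python
import os
import tempfile

# Plugin names reported in the article; treating them as folder slugs is an assumption.
REPORTED_NAMES = {"pluginsamonsters", "wpsmilepack"}


def plugins_on_disk(wp_root):
    """Return the slugs of everything installed under wp-content/plugins."""
    plugin_dir = os.path.join(wp_root, "wp-content", "plugins")
    slugs = set()
    for entry in os.scandir(plugin_dir):
        if entry.is_dir():
            slugs.add(entry.name)
        elif entry.name.endswith(".php") and entry.name != "index.php":
            slugs.add(entry.name[:-4])  # single-file plugin such as hello.php
    return slugs


def audit(wp_root, listed_slugs):
    """Compare disk contents with the slugs shown on the site's plugin list."""
    on_disk = plugins_on_disk(wp_root)
    listed = {s.lower() for s in listed_slugs}
    hidden = sorted(s for s in on_disk if s.lower() not in listed)
    reported = sorted(s for s in on_disk if s.lower() in REPORTED_NAMES)
    return {"hidden": hidden, "reported": reported}


def build_sample_site(root):
    """Create a constructed sample tree (not data from a real site)."""
    base = os.path.join(root, "wp-content", "plugins")
    for slug in ("jetpack", "akismet", "wpsmilepack"):
        os.makedirs(os.path.join(base, slug))
    for name in ("index.php", "hello.php"):
        open(os.path.join(base, name), "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_site(tmp)
        # Constructed list of what the site's own plugin screen shows.
        result = audit(site, ["jetpack", "akismet", "hello"])
        print("On disk but not listed:", result["hidden"])
        print("Matches reported names:", result["reported"])
```

On a real site, pass the WordPress root and the slugs copied from the site's plugin screen; anything returned under `hidden` is on disk but missing from that list and needs manual review.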