WordPress is currently attacked by a new plugin bug, triggering an internet-wide hacking spree. On Friday, Sept. 4, Defiant, the company behind the Wordfence web firewall, said that millions of WordPress sites were attacked and probed this week.
Not sure what exactly is going on, but this looks like a bug introduced in _wp_specialchars() in #WordPress 5.5pic.twitter.com/N6Zsvuvlrd — Mathieu Sarrasin (@IceableMedia) August 29, 2020
The total number of breached sites is more than half of the number of WordPress sites using the WordFence web firewall. However, since WordPress is installed in hundreds of millions of sites, Gall concludes that the attacks' true scale is even greater than what they've recorded.
Hackers could still be attacking and probing other WordPress websites. To prevent further breaches, the File Manager developer team developed and released a patch for the zero-day, the same day it discovered the attacks.
Some websites already downloaded the patch, while others are still lagging. Because of their slowness in patching, the WordPress developer team added an "auto-update" feature for WordPress plugins and themes. The site owners can configure plugins and themes in WordPress 5.5.
They can auto-update themselves every time a new update is released to make sure that their websites have the latest version of plugin or theme, that would help them prevent further attacks.
For more news updates about WordPress attacks, always keep your tabs open here at TechTimes.
Read also: Also Read: LAPD's BMW i3s Sold For Less Than $18,000 After Mayor Garcetti Failed to go Green?
This article is owned by TechTimes,
Written by: Giuliano de Leon.
