Outdated WordPress Plug-ins, Themes Distribute Backdoors For Potential Supply Chain Attack, Jetpack Says

WordPress themes and plug-ins became the latest target of attackers, according to Jetpack. If you are using older versions of these add-ons, your system may be compromised through their backdoors without your noticing.

Jetpack Spots WordPress Backdoors

According to a report by PCMag, the Jetpack cybersecurity team spotted problems linked to WordPress add-ons. It revealed that backdoored versions of plug-ins and themes could be vectors for a supply chain attack.

It was previously revealed that there were issues with AccessPress Themes back in September. A few days after it discovered the problem, the team uncovered another one, but this one concerned the plug-ins.

Jetpack noticed that AccessPress Themes immediately deleted the website extensions. The team added that earlier this year, WordPress launched updated plug-in versions, but not all themes received new updates per its advisory.

For customers, this would mean staying on current versions of add-ons that need to be updated as soon as possible. Jetpack reminded them to look for new theme versions. The team also said that any plug-ins installed should be the latest versions.

"Please note that this does not remove the backdoor from your system," Jetpack warned.

If you fear that you may have been affected by the compromised add-ons, you must update all your themes and plug-ins to their latest available version. To secure your website, you also may want to do a full security audit and apply extra caution to ensure everything's fine. An incident like this showcases that you can never be too careful in this day and age.

AccessPress Themes Add-Ons Are Unaffected

In the same story by PCMag, Jetpack clarified that AccessPress Themes add-ons obtained from the official WordPress.org directory were not affected by the problem.

The team still recommended that users install the patched extensions regardless, following the removal of the themes from the directory.

Those who want to access AccessPress Themes add-ons can go to Jetpack's blog post for more details. Regarding the paid add-ons, it suggested that users contact WordPress for more information about them.

How to Protect Your WordPress Site From Attackers

Earlier this month, WP Beginner wrote a comprehensive guide for users who want to protect their blog site. According to the article, a hacked WordPress site might hurt not only a business's reputation but also its revenue.

On top of that, users' information can also be stolen. The worst case would be attackers using it to carry out malicious activity on your website.

Last month, Tech Times reported that a WordPress cyberattack affected 1.6 million websites. Amid this issue, Wordfence wrote that 13.7 million attacks were successfully patched despite a huge data breach.

In 2020, Tech Times also listed the effective ways to bar attackers from entering your WP site. Some of the methods mentioned in the article include using strong passwords, keeping plugins updated, preventing the hack using a website firewall, and more.

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.