Hackers Find New Method of Installing Backdoored Plugins on WordPress Sites

  • 0 Replies

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10644
Hackers have come up with a never-before-seen method of installing backdoored plugins on websites running the open-source WordPress CMS, and this new technique relies on using weakly protected WordPress.com accounts and the Jetpack plugin.

The technique is highly complex, and to compromise a site, a hacker must go through different steps, during which multiple things can prevent the attack from being successful.

Nevertheless, attacks have been happening since May 16, according to report from WordPress site security firm Wordfence and several posts on the official WordPress.org forums from site owners that had their sites hijacked by crooks.


Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-