In September, 4.6 million attacks were launched against more than 280,000 WordPress websites. According to The Hacker News, sites using the WP Gateway plugin were exposed, “potentially allowing malicious actors to completely take over affected sites.” Gateway is considered a premium plugin. The Hacker News reported, “Further details about the vulnerability have been withheld owing to active exploitation and to prevent other actors from taking advantage of the shortcoming.”
Surprised? You shouldn't be. With its huge footprint, WordPress is an inviting target. In fact, WordPress sites are attacked all the time.
WordPress sites are so vulnerable because they require multiple plugins from multiple vendors to operate. Each plugin comes with its own potential backdoors, broken code and other vulnerabilities, which you have no knowledge of or control over. This is especially true for publishers, who cannot use WordPress for commercial publishing without many such plugins.
Other 2022 WordPress hacks and attacks include, according to The Hacker News:
- Over five million attacks on the WordPress Backup Buddy plugin users. "Additional details about the flaw have been withheld in light of . . . its ease of exploitation."
- Thousands of sites using the WordPress Page Builder plugin were attacked.
- The Updraft Plus plugin, used by more than three million sites, was weaponized to download the site's private data.
Instead of stitching together dozens of plugins and widgets, it’s best to choose a secure, turnkey solution. A professional enterprise publishing system can help you sleep better at night, learn about increasing traffic and add new revenue streams.