Rise in WordPress Hacks: Cybercriminals Mask Theft as Image Downloads

 

 

 More than five thousand web resources have already been hit by a new large-scale campaign.

 

 

 

 

A malicious campaign has been identified on more than 5,000 WordPress sites, during which attackers create fake administrator accounts, install malicious plugins, and steal data. Specialists at c/side, a web script security company, detected this activity during the incident response of one of the customers.

Malicious activity uses the wp3[.] domainxyz for data transfer. The original infection vector has not yet been established. After the site is compromised, a malicious script from the specified domain creates an administrator account named wpx_admin, and its data is stored in the code.

The script then downloads and activates a malicious plugin called plugin.php from the same domain. According to c/side, this plugin is designed to collect sensitive information, including administrator credentials and logs, which are sent to the attackers' server. The data transfer is disguised as a request for images.

The attack includes verification mechanisms, such as recording the status after creating an account and confirming the installation of the plugin.

To prevent such attacks, c/side experts recommend:

  • Block wp3 domain[.]xyz with firewalls and security tools.
  •  Check all privileged accounts and installed plugins, removing suspicious items.
  • Strengthen protection against CSRF attacks using unique tokens, server-side validation, and their periodic regeneration. Tokens must have a time limit.
  • Set up multi-factor authentication to protect accounts with already compromised data.

Mass attacks on WordPress sites highlight the importance of regular security checks and proactive protection. Ignoring these measures can cost sensitive data and control over the resource. 

Don't let technological challenges hold you back. Take advantage of Redfish-IA VEN expertise and reliable support to keep your business thriving. Contact us today to schedule a consultation and experience the difference that top-notch IT services can make!


Website: https://redfishiaven.tech/                                                                                                  Phone: [+233-541-625-812]
Email: redfishiaven@proton.me
Don't let your computers "sink" - let Redfish-IA VEN keep you afloat!

Comments

Post a Comment

Popular posts from this blog

Short Codes for Mobile Networks in Ghana (2025)

Universal Short Codes (All Networks) Customer Care : Dial   *100# SIM Registration Check : Dial   *404# Check SIMs Linked to Ghana Card : Dial   *402*1# Balance Check : Dial   *124# Top-Up Credit : Dial   *134*PIN# MTN Ghana Recharge & Balance *134*PIN# : Recharge airtime. *124# : Check airtime balance. Promotions & Offers *315# : Activate MTN Free After 1 (Nkomode). *550# : Activate Free Call 6-month Offer (new subscribers). Mobile Money (MoMo) *170# : Access MoMo services (transfers, payments, wallet). *511# : Generate MoMo ATM token. Data & Internet *138# : Purchase data bundles. *138*1*1# : Daily bundles (20MB–350MB). *138*1*3# : Monthly bundles (300MB–10GB). *141# : MTN Extra Data offers. Call Management **67*02XXXXXXXX*11# : Divert calls when busy. **61*02XXXXXXXX*11# : Divert calls when unanswered. **62*02XXXXXXXX*11# : Divert calls when unreachable. Customer Support 100 : Contact MTN Customer Care. *156# : MTN Info Portal (check number, promo...
Read more

How to Enable Audio over Remote Desktop?

Image
      List of content you will read in this article:     1. How to enable audio in Windows Server via remote desktop protocol? [Complete Guide]     2. Conclusion:      3. FAQ The virtual nature of the Windows server does not allow you to play any audio by default. If you are thinking of connecting additional speakers to fulfill your purpose, then we are sorry to disappoint, but that won’t be helpful. To accomplish this task, proceed further to the article to enable audio in Windows server. You can redirect your VPS audio to your local computer system with the help of Remote Desktop Protocol. Now, let us move towards understanding the process of how to enable audio on Windows VPS Server.  How to enable audio in Windows Server via remote desktop protocol? [Complete Guide] Let us dive into implementing them on Windows Server 2016. To redirect your VPS audio to your local system, having a running Windows Audio Service...
Read more

Gold Or Bitcoin

Image
 What’s the better store of wealth? Gold has seen quite a surge in price lately, exceeding $2400 an ounce. Bitcoin at $70000 has almost returned to its all time high as well. So there's definitely a big desire these days for alternative stores of wealth that aren't the U.S. dollar. This begs the question — which of the two is the better dollar alternative? Gold's popularity Let's talk about gold first. Gold is timeless and has been used as a store of wealth for millennia. There's actual physics based reasons that it's so popular: It's scarce. Its density makes it hard to fake. It has a distinct appearance (other rare metals like platinum and palladium tend to look a lot like silver). It doesn't tarnish like silver. It's not reactive so it won't randomly decay or combust. It also helps that it...
Read more