Just released: How to raise venture capital in 2023

Download

Beware! WordPress Security Issues Discovered

Carl Niedbala - Founder Shield
Carl Niedbala

COO & Co-Founder

 

In a somewhat ironic twist, popular cybersecurity blog Krebs on Security recently suffered a cyber attack.  The site, just like ours and at least 60 million others out there, is built on WordPress, and the attack illuminated some troubling WordPress security issues.  So what exactly happened and how can you prevent this from happening to your WordPress site?

First of all, Krebs wasn’t the only site to experience the breach.  It was actually a distributed denial of service (DDOS) attack that affected about 162,000 WordPress sites!  According to Krebs, the hackers used the “pingback” function that WordPress includes with their platform.  This function allows the site owner to get “pinged” back (or notified) when an outsider links to a certain page of their site.  While clearly a somewhat useful feature,  it’s apparently low hanging fruit for the more mischievous.

So what’s the fix? Pingbacks, by the way, are enabled by default and most WordPress users tend to glance over the feature.  Here are a few ways to deal with the issue:

1. Disable pingbacks!  Go to Settings > Discussion and uncheck:

  • Attempt to notify any blogs linked to from the article
  • Allow link notifications from other blogs (pingbacks and trackbacks)

2. Install this plugin

3. Create your own plugin for your site and upload it via FTP.  It must include the following code:

add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods[‘pingback.ping’] );
return $methods;
} );

Krebs’ post also pointed to this nifty tool to see if your site was used in the recent DDOS attack.  Thats right…some WordPress websites were used to attack other sites without the owner’s knowledge!  Imagine being sued for something that your website did without your knowledge.  Definitely not fun.  At least your Cyber Liability Insurance will kick in to cover you, right?

WordPress security issues resolved.  Update your settings right now!

Need a quote?

[vc_btn title=”GET A QUOTE” style=”outline-custom” outline_custom_color=”#ee2524″ outline_custom_hover_background=”#ee2524″ outline_custom_hover_text=”#ffffff” shape=”square” size=”lg” align=”center” link=”url:https%3A%2F%2Fapp.foundershield.com%2Fusers%2Fsign_up|||”]

Related Articles

cyber insurance pricing trends 2024
March 13 • Cyber Liability

Cyber Insurance Pricing Trends 2024

Uncertain about cyber insurance costs in 2024? Our article explores pricing trends, expert predictions on rate increases, and strategies to potentially reduce your cyber insurance premium.

cyber liability insurance premiums
March 4 • Cyber Liability

7 “Must Haves” For Cyber Liability Insurance in 2024

With cyber liability insurance premiums rising, business leaders must have the inside scoop to keep costs low. Our partners at Blacksmith InfoSec delve into those tips and tricks.

Cybersecurity Data Breaches
November 9 • Cyber Liability

Top 10 Cybersecurity Data Breaches of 2023

Today’s digital landscape is frightening for business leaders. Here’s a glimpse into some of the most cringe-worthy data breaches in 2023 — plus, how to avoid them.

Cyber Insurance Pricing Trends
July 19 • Cyber Liability

Cyber Insurance Pricing Trends 2023

After a hard-hit 2022, let’s explore the lessons learned, what currently impacts the cyber market, and cyber insurance pricing trends to expect in the future.

multi factor authentication
January 24 • Cyber Liability

Securing Your Company With Multi-Factor Authentication: A Complete Guide

Cybersecurity is a priority for most company leaders, with multi-factor authentication spearheading the endeavor. Here’s how to make it a reality in your organization.

cybersecurity-awareness-month
October 6 • Cyber LiabilityRisk Management

Cybersecurity Awareness Month 2022 — Data, Data, Goose!

As the leaves turn golden and the wind blows colder, cybersecurity awareness month is upon us! Here’s what it’s all about and how your company can stay cyber-safe.