
Beware! WordPress Security Issues Discovered

Carl Niedbala, COO & Co-Founder, Founder Shield

In a somewhat ironic twist, popular cybersecurity blog Krebs on Security recently suffered a cyber attack. The site, just like ours and at least 60 million others out there, is built on WordPress, and the attack illuminated some troubling WordPress security issues. So what exactly happened, and how can you prevent this from happening to your WordPress site?

First of all, Krebs wasn’t the only site to experience the attack. It was actually a distributed denial-of-service (DDoS) attack that affected about 162,000 WordPress sites! According to Krebs, the hackers used the “pingback” function that WordPress includes with its platform. This function allows the site owner to get “pinged” back (or notified) when an outsider links to a certain page of their site. While clearly a somewhat useful feature, it’s apparently low-hanging fruit for the more mischievous.

So what’s the fix? Pingbacks, by the way, are enabled by default, and most WordPress users tend to overlook the feature. Here are a few ways to deal with the issue:

1. Disable pingbacks!  Go to Settings > Discussion and uncheck:

  • Attempt to notify any blogs linked to from the article
  • Allow link notifications from other blogs (pingbacks and trackbacks)

2. Install this plugin

3. Create your own plugin for your site and upload it via FTP.  It must include the following code:

// Remove pingback.ping from the XML-RPC methods WordPress exposes.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
} );
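
To confirm that the filter has actually removed the method, you can ask your own site which XML-RPC methods it still advertises. The script below is an added example, not code from the original post or from WordPress. It assumes the site serves XML-RPC at /xmlrpc.php and answers the standard `system.listMethods` introspection call; the function names and sample responses are constructed for illustration.

```python
import sys
import urllib.request
import xmlrpc.client

# XML-RPC introspection call that asks the server to list its methods.
LIST_METHODS_REQUEST = xmlrpc.client.dumps((), methodname="system.listMethods").encode()


def pingback_exposed(response_xml):
    """True/False if the listing includes pingback.ping; None if the server
    returned an XML-RPC fault (for example, XML-RPC disabled entirely)."""
    try:
        params, _ = xmlrpc.client.loads(response_xml)
    except xmlrpc.client.Fault:
        return None
    return "pingback.ping" in params[0]


def fetch_listing(site_url, timeout=10):
    """POST the introspection call to your own site's xmlrpc.php (assumed path)."""
    request = urllib.request.Request(
        site_url.rstrip("/") + "/xmlrpc.php",
        data=LIST_METHODS_REQUEST,
        headers={"Content-Type": "text/xml"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.read()


# Constructed sample responses (not captured from a real site).
BEFORE = xmlrpc.client.dumps(
    (["system.listMethods", "pingback.ping", "wp.getPosts"],), methodresponse=True)
AFTER = xmlrpc.client.dumps(
    (["system.listMethods", "wp.getPosts"],), methodresponse=True)
FAULT = xmlrpc.client.dumps(xmlrpc.client.Fault(405, "constructed fault"))

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check_pingback.py https://your-site.example
        print("pingback.ping exposed:", pingback_exposed(fetch_listing(sys.argv[1])))
    else:
        for name, sample in (("before", BEFORE), ("after", AFTER), ("fault", FAULT)):
            print(name, pingback_exposed(sample))
```

Run it with your site's URL as the only argument; a result of `False` means `pingback.ping` is no longer listed, and `None` means the server refused the introspection call.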

Krebs’ post also pointed to this nifty tool to see if your site was used in the recent DDoS attack. That’s right: some WordPress websites were used to attack other sites without the owner’s knowledge! Imagine being sued for something that your website did without your knowledge. Definitely not fun. At least your Cyber Liability Insurance will kick in to cover you, right?

WordPress security issues resolved.  Update your settings right now!
