Beware! WordPress Security Issues Discovered

Carl Niedbala

COO & Co-Founder


 

In a somewhat ironic twist, popular cybersecurity blog Krebs on Security recently suffered a cyber attack.  The site, just like ours and at least 60 million others out there, is built on WordPress, and the attack illuminated some troubling WordPress security issues.  So what exactly happened and how can you prevent this from happening to your WordPress site?

First of all, Krebs wasn’t the only site to experience the breach.  It was actually a distributed denial of service (DDoS) attack that affected about 162,000 WordPress sites!  According to Krebs, the hackers used the “pingback” function that WordPress includes with its platform.  This function allows the site owner to get “pinged” back (or notified) when an outsider links to a certain page of their site.  While clearly a somewhat useful feature, it’s apparently low-hanging fruit for the more mischievous.

So what’s the fix? Pingbacks, by the way, are enabled by default, and most WordPress users tend to overlook the feature.  Here are a few ways to deal with the issue:

1. Disable pingbacks!  Go to Settings > Discussion and uncheck:

  • Attempt to notify any blogs linked to from the article
  • Allow link notifications from other blogs (pingbacks and trackbacks)

2. Install this plugin

3. Create your own plugin for your site and upload it via FTP.  It must include the following code:

// Remove pingback.ping from the XML-RPC methods WordPress exposes.
add_filter( 'xmlrpc_methods', function( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
} );

Krebs’ post also pointed to this nifty tool to see if your site was used in the recent DDoS attack.  That’s right…some WordPress websites were used to attack other sites without the owner’s knowledge!  Imagine being sued for something that your website did without your knowledge.  Definitely not fun.  At least your Cyber Liability Insurance will kick in to cover you, right?
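A local check to go alongside the tool mentioned above, added here as an example and not taken from the original post or from Krebs: it counts POST requests to xmlrpc.php per client address in a web server access log. It assumes the combined log format; the function names, the threshold and the sample log lines are constructed for illustration, and because an access log does not record which XML-RPC method was called, a hit shows XML-RPC traffic rather than proof of a pingback.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_posts(lines):
    """Yield (ip, status) for each POST to xmlrpc.php; skip unparsable lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string; endswith() also covers subdirectory installs.
        path = m["path"].split("?", 1)[0]
        if path.endswith("/xmlrpc.php"):
            yield m["ip"], int(m["status"])

def summarize(lines, threshold=3):
    """Count XML-RPC POSTs per client and list clients at or above threshold."""
    per_ip, by_status = Counter(), Counter()
    for ip, status in xmlrpc_posts(lines):
        per_ip[ip] += 1
        # XML-RPC faults are also sent as HTTP 200, so a 200 here does not
        # show that a pingback was actually processed.
        by_status[status] += 1
    noisy = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return {"total": sum(per_ip.values()), "per_ip": dict(per_ip),
            "by_status": dict(by_status), "noisy": noisy}

# Constructed sample lines (documentation-range addresses, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [01/Jan/2020:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.20 - - [01/Jan/2020:10:00:03 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 403 199 "-" "-"
198.51.100.20 - - [01/Jan/2020:10:00:04 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
192.0.2.15 - - [01/Jan/2020:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "-"
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("XML-RPC POSTs:", report["total"], report["by_status"])
    print("Clients at or above threshold:", report["noisy"])
```

To run it on a real log, pass the open file object to `summarize()` and choose a threshold that fits the site's normal XML-RPC traffic.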

WordPress security issues resolved.  Update your settings right now!
