WordPress sites backdoored after FishPig supply chain attack • The Register

It’s only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites.

We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems were compromised and its products altered so that installations of the code semi-automatically downloaded and ran the Rekoobe Linux trojan.

Infosec outfit Sansec raised the alarm this week that FishPig’s software was acting weird:…

More Info

Severe flaw in popular plugin remains unpatched

An actively exploited zero-day vulnerability in WordPress plugin WPGateway has led to more than 4.6 million attempted attacks in the past month. The currently unpatched flaw is the second significant WordPress vulnerability to be found over the past week.

A WordPress plugin vulnerability is being actively targeted for attack. (Photo by Primakov/Shutterstock)

When exploited, this vulnerability, identified as CVE-2022-3180, is used to add malicious administrator users to sites running the plugin. Administrator privileges allow…

More Info

WordPress Plugin Vulnerability Abused in Zero-Day Exploit

The WPGateway premium WordPress plugin has been exploited by malicious actors.

A vulnerability within the WPGateway premium WordPress plugin has been exploited by threat actors, as found and reported by security analysts from WordFence.

WPGateway Plugin Vulnerability Has Been Exploited

On September 13th, 2022, WordFence’s Threat Intelligence team reported in a blog post that a security vulnerability within the WPGateway premium plugin was exploited in the wild by malicious parties.

WPGateway can be used on WordPress sites to install and backup sites, as…

More Info

6 steps to creating patient trust in telehealth

With Covid-19, came a flood of new telehealth (virtual consulting) healthcare solutions, exposing more patients to its benefits and features. More advertising, more awareness and more conversations have introduced telehealth to a broader public, and this can only be good for everyone. The question remains though, how do we create that trust in telehealth for a patient, so that they turn to it the next time they need healthcare?

Possible contenders for understanding the dynamics could include, different patient demographics, or the fact that the solution on offer is easier to navigate in one…

More Info

WordPress plugin vulnerability leaves sites open to total takeover

Security firm WordFence has warned of an actively exploited vulnerability in a widely-used WordPress plugin that could leave websites totally exposed to hackers.

WPGateway is a paid plugin that gives WordPress users the ability to manage their website from a centralised dashboard. The flaw, designated CVE-2022-3180, allows for threat actors to add their own profile with administrator access to the dashboard, and completely take over a victim’s website.

WordFence, which provides a firewall service for WordPress websites, released a rule to block the exploit for paying customers on its…

More Info

Infoblox report shows smishing in websites built on WordPress

Smishing has been identified as a new and sophisticated method of obtaining personal and financial information from victims by using fake forms on fraudulent websites. Smishing is a cyberattack tactic that combines SMS (short message service, usually known as text messages) and phishing.

A wave of VexTrio attacks using dictionary domain generation algorithm (DDGA) has infected numerous websites built on WordPress, which in turn infect visitors to those sites with malware or spyware by executing Javascript code.

Infoblox Inc., a leader in secure and cloud-managed…

More Info

Zero-day in WPGateway WordPress plugin actively exploited in attacks

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.

WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard.

This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.

“On September 8, 2022, the…

More Info

How To Add Google Analytics To WordPress

Google Analytics is a free comprehensive tool that allows you to track your web traffic and data.

Google Analytics will show you how many people visit your site, individual pages, conversions, and how people interact with your content. This data is critical for the optimization of your website.

There are two types of Google Analytics code.

You may be accustomed to the Google Universal Analytics (UA) code. This is being sunsetted and replaced with Google Analytics 4 (GA4).

GA4 is much more customizable and applies to websites or apps, whereas Google UA can only be applied to…

More Info

Get a Lifetime of WordPress Hosting for Under $100

Disclosure: Our goal is to feature products and services that we think you’ll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners.

These days, any business needs a website to help customers navigate their services and draw in new customers. But setting up and operating a website can be an expensive, time-consuming task — one that many entrepreneurs don’t have the patience or even ability to do. Nonetheless, when you start your small business, you need to find ways to get…

More Info

Want your own gaming blog? Use WordPress to get started

WordPress is a popular content management system that can help users create a gaming blog quickly and easily. WordPress is free to use, making it a great option for those who want to create a gaming blog on a budget. You can find the best WordPress hosts here if you are planning to start a gaming blog. WordPress is also easy to use, even for beginners. In this article, we will show you how to start a gaming blog using WordPress.

Before we get started, let’s take a look at some of the benefits of using WordPress to create your gaming blog.

WordPress is a popular content management system…

More Info