Approximately one and a half million web pages were attacked and defaced in January via a vulnerability in the WordPress platform’s REST API.
What Vulnerability?
This vulnerability in the REST API (the Application Programming Interface of the REST architecture that makes up the pages) meant that unauthorised persons could access and modify the content of any post or page in a WordPress website. These attacks and the vulnerability were flagged up to WordPress by web security firm Sucuri on 20th January. At that point, approximately 67,000 pages had been compromised and defaced in four separate attack campaigns. The latest figures put the number of compromised pages at 1.5 million, and the number of unique affected websites at around 40,000 (because many pages in the same website were attacked in most cases).
Hackers Competing.
A patch was developed and issued to all users of WordPress on 26th January, but the vulnerability had already become widely known among hackers, and it appears groups of hackers have been competing with each other to compromise as many WordPress pages as possible.
Defeated The Blocking Rules.
Hackers in this case were able to get around the blocking rules that had been put in place by the hosting companies in order to prevent attackers from exploiting just such vulnerability.
Defaced Pages.
The flaw allowed hackers to modify any page or post in the WordPress websites, hackers defaced pages by leaving images and messages in pages.
Defacing Doesn’t Bring Money.
Technical and security commentators have pointed out that hackers are generally looking for ways to monetise website vulnerabilities, and defacing pages does not offer this. It is therefore feared that the next move for hackers will be to use the vulnerability remaining in any sites to spread malware, or to launch spamming attacks.
What Does This Mean For Your Business?
WordPress is the most popular website platform in the world, and many businesses use them. A vulnerability of this kind is therefore a serious matter which could cause disruption to businesses, creating costs and other potential problems in trying to rectify the issue. Many businesses do not check their websites regularly, and may not even be aware that they have been attacked, and their pages have been defaced. Businesses with WordPress websites should protect themselves against the vulnerability by upgrading to WordPress 4.7.2 and also signing up for Midgard’s WordFence firewall service.
