
An Emerging Threat to Your WordPress Website
I want to alert you to an emerging threat to your WordPress website and what you need to do about it.
For lack of a better term, this threat is being called a WordPress Plugin Supply Chain Attack. It goes something like this:
- A WordPress plugin you use is owned, maintained, and supported by ‘Developer A’.
- ‘Developer B’ approaches Developer A and offers to buy the plugin, taking over all development, support, etc. The two agree on a price and the exchange occurs.
- Now comes the nefarious part: after taking over the plugin, Developer B adds malicious code to it and releases this new version in the WordPress Repository.
- You see that a new version of the plugin is available so you innocently click the ‘Update’ button in your dashboard. BAM! You have just infected your website with malware.
In the past four months, four popular plugins in the WordPress repository have been compromised in this very way. These attacks work because, as a site owner, you have already made the decision to trust the software vendor or author. In many cases, you may have gone so far as to enable automatic updates for the plugin, allowing the author-turned-attacker to push malware to your website any time they want.
How to Protect Your Website From A Plugin Supply Chain Attack
- For now, you should record and track the ownership/authorship of every plugin you have installed. When updating a plugin, check whether its ownership has changed. If it has, take extra care and run a malware scan of your website before trusting the update.
- Frequently run a scan of your website for malware. Some tools (like Wordfence and Sucuri) automatically do this daily.
NOTE: If you are a WebsiteOverwatch.com client then we are already doing this for you.
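One way to do the ownership tracking described above, as an added example that is not code from this post or from WebsiteOverwatch.com: every WordPress plugin's main PHP file carries a header comment with "Plugin Name:", "Version:", "Author:", "Author URI:" and "Plugin URI:" lines. The script below records those fields for each installed plugin as a baseline and, on a later run, flags any plugin whose author or URIs changed, which is the hand-over from Developer A to Developer B. The plugin names, author names and URLs in demo() are constructed sample data so the example runs offline; on a real site you would point scan_plugins() at wp-content/plugins and run it before clicking Update.

```python
"""Track WordPress plugin authorship across updates (added example)."""
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Header fields WordPress itself reads from the main plugin file. Longest names
# come first in the alternation so "Author URI" is not mistaken for "Author".
HEADER_RE = re.compile(
    r"^[ \t/*#]*(Plugin Name|Plugin URI|Author URI|Author|Version):[ \t]*(.*?)[ \t]*$",
    re.MULTILINE,
)
# A change to any of these means the plugin's ownership may have changed hands.
OWNERSHIP_FIELDS = ("Author", "Author URI", "Plugin URI")

Inventory = Dict[str, Dict[str, str]]
Alert = Tuple[str, str, str, str]  # (slug, field, old value, new value)


def parse_plugin_header(php_source: str) -> Dict[str, str]:
    """Extract header fields; like WordPress, only look at the first 8 KB."""
    return {m.group(1): m.group(2) for m in HEADER_RE.finditer(php_source[:8192])}


def scan_plugins(plugins_dir: Path) -> Inventory:
    """Return {plugin-slug: header} for every plugin directory under plugins_dir."""
    inventory: Inventory = {}
    for plugin_dir in sorted(p for p in plugins_dir.iterdir() if p.is_dir()):
        for php in sorted(plugin_dir.glob("*.php")):
            header = parse_plugin_header(php.read_text(errors="replace"))
            if "Plugin Name" in header:  # this is the main plugin file
                inventory[plugin_dir.name] = header
                break
    return inventory


def save_baseline(inventory: Inventory, path: Path) -> None:
    path.write_text(json.dumps(inventory, indent=2, sort_keys=True))


def load_baseline(path: Path) -> Inventory:
    return json.loads(path.read_text()) if path.exists() else {}


def compare(baseline: Inventory, current: Inventory) -> List[Alert]:
    """Flag plugins not in the baseline and any change to an ownership field.

    A version bump alone is normal and is not reported; a version bump that
    arrives together with a new Author is the takeover pattern to scan for.
    """
    alerts: List[Alert] = []
    for slug, cur in current.items():
        old = baseline.get(slug)
        if old is None:
            alerts.append((slug, "NEW", "", cur.get("Author", "")))
            continue
        for field in OWNERSHIP_FIELDS:
            if old.get(field, "") != cur.get(field, ""):
                alerts.append((slug, field, old.get(field, ""), cur.get(field, "")))
    return alerts


def _write_plugin(root: Path, slug: str, name: str, version: str,
                  author: str, author_uri: str) -> None:
    """Constructed sample plugin; only the header matters for this check."""
    (root / slug).mkdir(parents=True, exist_ok=True)
    (root / slug / f"{slug}.php").write_text(
        "<?php\n/**\n"
        f" * Plugin Name: {name}\n"
        f" * Plugin URI: https://wordpress.org/plugins/{slug}/\n"
        f" * Version: {version}\n"
        f" * Author: {author}\n"
        f" * Author URI: {author_uri}\n"
        " */\n"
    )


def demo() -> List[Alert]:
    """Baseline recorded under Developer A, then an update shipped by Developer B."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "wp-content" / "plugins"
        baseline_file = Path(tmp) / "plugin-owners.json"

        # Day 0: record who owns each installed plugin (constructed sample data).
        _write_plugin(plugins, "example-forms", "Example Forms", "1.4.2",
                      "Developer A", "https://developer-a.example")
        _write_plugin(plugins, "example-cache", "Example Cache", "3.0.1",
                      "Cache Co", "https://cache.example")
        save_baseline(scan_plugins(plugins), baseline_file)

        # Later: example-forms was sold and the new release changes the author lines;
        # example-cache only got a routine version bump.
        _write_plugin(plugins, "example-forms", "Example Forms", "1.5.0",
                      "Developer B", "https://developer-b.example")
        _write_plugin(plugins, "example-cache", "Example Cache", "3.0.2",
                      "Cache Co", "https://cache.example")

        return compare(load_baseline(baseline_file), scan_plugins(plugins))


if __name__ == "__main__":
    for slug, field, old, new in demo():
        print(f"{slug}: {field} changed {old!r} -> {new!r}; scan the site before trusting this update")
```

Run this against the live plugins directory on a schedule and keep the baseline file outside the web root. The header check is a cheap early warning, not a substitute for the malware scan: a buyer who keeps the old author line will slip past it, so treat an alert as a reason to scan, and a quiet run as no more than the absence of one signal.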