Posted On 07 Mar 2020
WordPress websites are under threat from hackers attacking a vulnerable plug-in that gives them the capability of wiping databases clean or even taking over the whole website.
The ThemeGrill Demo Importer, which carries the vulnerability, is used by 100,000 websites, and it is estimated that around 17,000 attempts have been made to hack sites. In most instances the hackers are only able to wipe the database, which often means the WordPress “Hello World” message is all visitors will see. If the site has an administrative account named “admin”, however, the hacker can hijack the entire site and take over its administration.
The problem arises from the fact that the plug-in does not ask for authentication, which means that hackers can insert customized text strings in web requests that will give them permission to carry out administrative tasks, meaning they can severely damage a website’s operation.
Any users of the plug-in are advised to remove it immediately; although the developers have released a patch to fix the error, experts say it will be safer to simply get rid of the vulnerable software altogether.
The authenticator always rings twice
Ring, the manufacturer of smart video doorbells that is owned by Amazon, has introduced compulsory two-factor authentication for users signing in to their accounts. This follows a number of hacking incidents in 2019, when hackers were able to access the video cameras on the doorbells and questions were raised regarding the robustness of the company’s security. Users will now have to log in and then enter a code that will be sent to them either by email or text message in order to access their accounts. As an additional security measure, the majority of third-party applications available to Ring users have now been “paused”.

Amazon has owned Ring since launching a $1 billion takeover in 2018. The company has vastly increased the number of video doorbells across the country, often working with police departments to offer free or discounted hardware. The company’s success has continued despite many criticisms from privacy groups concerned about neighborhoods becoming completely covered with security cameras.