The WordPress platform is under attack by hackers who are trying to inject malicious code onto websites. WordPress is a popular website platform among real estate professionals, who should take immediate action to protect their sites from being compromised.
Image credit: kpgolfpro via Pixabay.com
The latest zero day attack is impacting WordPress version 4.2 and prior iterations, Klikki Oy, a Finnish company, warns users in a new video detailing the latest vulnerability to site administrators. Hackers are attempting to store malicious JavaScript code on WordPress site comments. This could allow visitors' usernames and passwords to be sent to a hacker's website, which is known as a cross-site scripting attack, Forbes.com reports.
What's more, if a logged-in administrator visits an infected page, the hacker could change the administrator’s password and create new administrator accounts, thus able to manipulate the account.
"For website [administrators], the advice for now is to disable comments until a fix is released," according to Forbes.com.
Gary Pendergast from WordPress told Forbes that a fix is on the way. Pendergast recommends site administrators use the Akismet plugin, which is an anti-spam service that will help block attacks.
Also, security researchers at CloudFare are warning WordPress users to beware of malicious e-mails being sent out by hackers trying to direct people to a compromised WordPress site hosted by Bluehost.
WordPress is one of the most popular blogging platforms on the web, used by more than 23 percent of the top 10 million websites, studies show.
Watch the video below from Klikki to learn more about the latest vulnerability: