An official alert from the FBI warns WordPress users to patch all of their plugins to avoid ISIS-branded website defacement attacks. The FBI said that the attackers are sympathizers of ISIS and have no connection with any terrorist organization.
The FBI recently noted that hackers claiming affiliation with ISIS (Islamic State of Iraq and al-Sham) have already begun defacing WordPress websites.
The public statement made by the Bureau states:
"The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered."
The exploited plugins include RevSlider, GravityForms, FancyBox, MailPoet and WP Symposium, according to a report released by security firm Sucuri. Beyond this list, all outdated third-party plugins are also vulnerable to the ISIS-branded attacks. These vulnerable plugins could allow the attackers to take full control of the website. The attackers can add a new administrator account and compromise your website using the WordPress theme editing tools.
Sucuri says that updating the plugins alone might not help; site owners also need deeper security settings in place to protect WordPress sites from hackers. As the most popular CMS, WordPress has always been a target. Back in December 2014, around 100,000 WordPress sites were defaced by the Russian malware SoakSoak.
As reported by Naked Security, around 73% of WordPress installations are typically susceptible to malware attacks. If you own a WordPress website, check all your plugins and installations regularly, harden your security settings, and keep your websites secure from threats and vulnerabilities.