How To Fix WordPress file manager plugin vulnerability and security issue

If you are still using the file manager versions 6.0–6.8 on WordPress, you need to upgrade immediately. Here’s why!

The world has witnessed a series of WordPress sites being hacked. If you are still unaware of the WordPress security issues that surfaced recently due to the WordPress file manager plugin, here is all you need to know.

  • The WordPress File Manager versions 6.0–6.8 are being targeted and are the reason behind the attacks on WordPress websites worldwide. Around 1.7 million sites have been hit by this WordPress security issue in a matter of a few days.
  • The file manager vulnerability attacks were possible because of elFinder, the open-source library that the WordPress file manager plugin bundles: its file connector.minimal.php.dist was wrongly renamed to .php. This renaming allowed unauthenticated users to gain access to the file manager.
  • Before making a malicious attempt on a WordPress site, hackers have been uploading harmless, empty files to begin with. Once they gain access to the website after getting past its defenses, they submit malicious files.
  • Wordfence, the WordPress security firm, has come up with a list of files that have been uploaded repeatedly, including hardfork.php, hardfind.php, and x.php. The most frequently uploaded file is Feoidasf4e0_index.php.
  • Once they take over admin control, the hackers have been blocking other hackers from gaining access. Admin control enables them to edit, upload, and delete the contents of the website as they see fit.

What should you do to prevent WordPress cybersecurity vulnerability due to the WordPress file manager plugin from affecting your WordPress site?

The Wordfence Threat Intelligence team, upon being notified of the zero-day vulnerability, came up with a release of a patched version of the WordPress file manager plugin, along with a way to protect against the file manager vulnerability attacks.

Our cybersecurity experts at Infomaze suggest that, if you are still using the file manager versions 6.0–6.8, you immediately upgrade your WordPress file manager plugin to the latest patched version, 6.9.


The patched version prevents hackers from exploiting the vulnerability by completely deleting the lib/php/connector.minimal.php file from the plugin. The same can be done manually while still maintaining the functionality and WordPress cybersecurity.

If you are not using the WordPress file manager plugin actively, we recommend that you uninstall it and activate it only on an as-needed basis.

Make sure the firewall in use is up to date, is effective when faced with a threat, and is ready to limit the effect of malware on your WordPress site.
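A read-only audit of the checks described above, as an added example (not code from the original article, Wordfence, or the plugin's authors): it flags a plugin version in 6.0–6.8, a leftover lib/php/connector.minimal.php, and the file names the article lists as repeatedly uploaded. The plugin directory and site root are supplied by the caller; the directory and file names used in build_sample are constructed for the demo.

```python
import re
from pathlib import Path

# File names the article lists as repeatedly uploaded (per Wordfence).
# x.php is a generic name, so treat a hit as a lead to review, not proof.
REPORTED_UPLOADS = {"hardfork.php", "hardfind.php", "x.php", "Feoidasf4e0_index.php"}
CONNECTOR = Path("lib/php/connector.minimal.php")  # deleted by patched 6.9
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+)\.(\d+)", re.I | re.M)

def plugin_version(plugin_dir):
    """Read the standard WordPress 'Version:' header from top-level PHP files."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        m = VERSION_RE.search(php.read_text(errors="replace")[:8192])
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def audit(plugin_dir, site_root):
    """Return findings for one site; nothing is modified or deleted."""
    plugin_dir, site_root = Path(plugin_dir), Path(site_root)
    version = plugin_version(plugin_dir)
    findings = {
        "version": version,
        "vulnerable_version": version is not None and (6, 0) <= version <= (6, 8),
        "connector_present": (plugin_dir / CONNECTOR).is_file(),
        "reported_uploads": sorted(
            p.relative_to(site_root).as_posix()
            for p in site_root.rglob("*.php") if p.name in REPORTED_UPLOADS),
    }
    findings["action_needed"] = bool(
        findings["vulnerable_version"] or findings["connector_present"]
        or findings["reported_uploads"])
    return findings

def build_sample(root, version, with_connector):
    """Constructed demo tree; 'file-manager-plugin' is a made-up directory name."""
    plugin = Path(root) / "wp-content/plugins/file-manager-plugin"
    (plugin / "lib/php").mkdir(parents=True)
    (plugin / "plugin.php").write_text(
        f"<?php\n/*\n * Plugin Name: Sample\n * Version: {version}\n */\n")
    if with_connector:
        (plugin / CONNECTOR).write_text("<?php // placeholder\n")
    return plugin

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        plugin = build_sample(root, "6.8", with_connector=True)
        (Path(root) / "hardfork.php").write_text("")  # constructed empty file
        print(audit(plugin, root))
```

On a real site, pass the installed plugin's directory and the WordPress document root to audit(); a True value for action_needed means at least one of the three checks fired.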

How can Infomaze help you stay secure in the presence of a WordPress file manager plugin vulnerability issue?

With years of experience as a WordPress development company, among the other IT services we provide, and with the help of the security, maintenance, and support services that our sister company provides, we offer the overall protection every content management system requires to remain secure.

From vulnerability management services to managed security monitoring, we provide the best protection from cyber-attackers. We take care that you will never have to worry about being vulnerable or at high risk of getting hacked, with the effect that would have on your website ranking.

Are you interested in getting to know more about the current updates on the WordPress cybersecurity vulnerability? If yes, head to the Wordfence blog post “Millions of Sites Targeted in File Manager Vulnerability Attacks”. They have listed the IP addresses that have been frequently used to carry out the attacks.

Or are you more worried about keeping your WordPress and other IT environments secure? If so, our knowledgeable WordPress developers are here to help, be it with consulting services, WordPress development services, or managed security services.

This article, “Act now to eliminate the WordPress cybersecurity vulnerability due to the WordPress file manager plugin”, originally appeared on the Infomaze Elite website.
