
How To Fix WordPress file manager plugin vulnerability and security issue

If you are still using File Manager versions 6.0–6.8 on WordPress, you need to upgrade immediately. Here's why.

A series of WordPress sites around the world have been hacked. If you are still unaware of the WordPress security issues that surfaced recently due to the WordPress file manager plugin, here is all you need to know.

  • WordPress File Manager versions 6.0–6.8 are being targeted and are the reason behind the attacks on WordPress websites worldwide. Around 1.7 million sites have been affected by this WordPress security issue in a matter of a few days.
  • The file manager vulnerability attacks were possible because a file in the plugin's elFinder extension, an open-source library, was wrongly renamed from connector.minimal.php.dist to .php. This renaming allowed unauthenticated users to gain access to the file manager.
  • Before making a malicious attempt on a WordPress site, hackers have first tried to upload harmless, empty files. Once they gained access to the website and got past its WordPress cybersecurity, they submitted malicious files.
  • Wordfence, the WordPress security firm, has published a list of files that have been uploaded repeatedly, including hardfork.php, hardfind.php, and x.php. The most frequently uploaded file is Feoidasf4e0_index.php.
  • Once they take over admin control, which enables them to edit, upload, and delete the contents of the website as they see fit, the hackers have been blocking other hackers from gaining access.


What should you do to prevent WordPress cybersecurity vulnerability due to the WordPress file manager plugin from affecting your WordPress site?

The Wordfence Threat Intelligence team, upon being notified of the zero-day vulnerability, came up with a release of a patched version of the WordPress file manager plugin with a way to protect against the file manager vulnerability attacks.

Our cybersecurity experts at Infomaze suggest that, if you are still using file manager versions 6.0–6.8, you immediately upgrade your WordPress file manager plugin to the latest patched version, 6.9.


The patched version prevents hackers from exploiting the vulnerability by completely deleting the lib/php/connector.minimal.php file from the plugin. The same can be done manually while still maintaining the functionality and WordPress cybersecurity.
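The manual removal described above, combined with a check for the upload names Wordfence listed, as an added shell example that is not from the original article or the plugin's authors. It looks for lib/php/connector.minimal.php under any plugin directory rather than assuming the plugin's folder name; the sample tree and its example-file-manager directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the exposed elFinder connector
# and for the upload names the article quotes from Wordfence.

# A name match (x.php in particular is generic) means "review", not proof.
IOC_NAMES="hardfork.php hardfind.php x.php Feoidasf4e0_index.php"

# Print "CONNECTOR <path>" for every plugin copy of the connector file.
find_connectors() {
    [ -d "$1/wp-content/plugins" ] || return 0
    find "$1/wp-content/plugins" -type f \
        -path '*/lib/php/connector.minimal.php' | sed 's/^/CONNECTOR /'
}

# Print "UPLOAD <path>" for every file whose name is on the article's list.
find_listed_uploads() {
    for name in $IOC_NAMES; do
        find "$1" -type f -name "$name"
    done | sed 's/^/UPLOAD /'
}

# Delete the connector, which is what the article says version 6.9 does.
remove_connectors() {
    find_connectors "$1" | sed 's/^CONNECTOR //' | while IFS= read -r f; do
        rm -f -- "$f" && echo "REMOVED $f"
    done
}

# Constructed sample tree (not a real site) so the example runs offline.
make_sample_site() {
    root=$(mktemp -d)
    plug="$root/wp-content/plugins/example-file-manager"  # hypothetical name
    mkdir -p "$plug/lib/php" "$plug/lib/files"
    : > "$plug/lib/php/connector.minimal.php"
    : > "$plug/lib/files/hardfork.php"
    : > "$plug/lib/files/readme.txt"
    echo "$root"
}

site=$(make_sample_site)
find_connectors "$site"        # report the exposed connector
find_listed_uploads "$site"    # report files with listed names
remove_connectors "$site"      # apply the manual fix
rm -rf "$site"
```

On a real server, run the two find functions against the WordPress root first and review the hits before calling remove_connectors.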

If you are not actively using the WordPress file manager plugin, we recommend that you uninstall it and activate it only on an as-needed basis.

Make sure the firewall in use is up to date, is effective when faced with a threat, and is ready to keep malware from affecting your WordPress site.


How can Infomaze help you stay secure in the presence of a WordPress file manager plugin vulnerability issue?



With years of experience as a WordPress development company, among the other IT services we provide, and with the help of the security, maintenance, and support services that our sister company provides, we offer the overall protection every content management system requires to remain secure.

From vulnerability management services to managed security monitoring, we provide the best protection from cyber-attackers. We take care that you will never have to worry about being vulnerable or at a high risk of getting hacked, and of your website ranking being affected in the process.

Are you interested in getting to know more about the current updates on the WordPress cybersecurity vulnerability? If yes, head to the Wordfence blog post “Millions of Sites Targeted in File Manager Vulnerability Attacks”. They have listed the IP addresses that have been frequently used to carry out the attacks.

Or are you more worried about keeping your WordPress and other IT environments secure? If so, our knowledgeable WordPress developers are here to help, be it consulting services, WordPress development services, or managed security services.

This article, “Act now to eliminate the WordPress cybersecurity vulnerability due to the WordPress file manager plugin”, originally appeared on the Infomaze Elite website.
