Need to beware, if you are running a WordPress self-hosted website. According to the United States Federal Bureau of Investigation (FBI), it is a warning for WordPress users.
FBI think that, now the ISIS sympathizer’s target is WordPress site, the most popular Content management System (CMS). They have targeted the communication platforms of news organizations, religious institutes, commercial entities, foreign governments, local governments and a number of other international websites.
As, they are not connected to any particular business or name, it seems the random target. The attackers are not members of any terrorist organization, they are such sympathizers, who support ISIS. It is also known as ISIL. The sympathizers are not giving so much effort for this attack. They are just leveraging the flow of WordPress plugins with the some common hacking tools.
WordPress developers have already fixed these vulnerabilities, but owners of individual Website ate in too much tension, because they have failed to install the patches.
But good news is that, all the software patches are available to fix this vulnerabilities of WordPress. It is quite simple to get rid from this attack effect. You have to just update your WordPress along with the plugins. Problem is solved!!!
But something is worst part also there. The pro-ISIS sympathizers are creating fake government websites to exploit WordPress plugins vulnerability. They have done this to trick with the users to handing over their identifying data, which can identify the theft.
The criminal websites are appearing at the top of the search engines to make more click on the fake sites for giving the sensitive data. The fake sites are charging a fee, after completing the service request. Which is more encouraging for the victims to provide the more personal data.
To stay updated is the best solution of this problem. There are some solutions to get rid from the attack and getting hacked. FBI has recommended the quick and simple steps for a protection of websites.
- With the patching vulnerable plugins, update your personal WordPress websites.
- Follow the WordPress guidelines and review all.
- To reduce the effects of an attack, run your all software without administrative privileges that means, as non-privileged user.
- Using the available free CVE tools, Identify the WordPress vulnerabilities at Security Focus, US-Cert.
- Confirm the updates of your operating system and all applications.
The WordPress users are recommended highly to follow the instructions for making the mission fail of the sympathizers.