WordPress in the news

| Mark Matheson

While most of the website development we do is completed using the Joomla CMS, we have several clients that prefer WordPress. As such, we keep a watchful eye for any WordPress news that may be of interest. We have noticed several posts from other authors in recent weeks highlighting a significant vulnerability that has been discovered in a WordPress 3rd-party plugin.

Author Bio

Mark Matheson

Business Consultant
Mark has specialised in ACCPAC accounting software for over 30 years and more recently has been providing IT Managed Services to his clients. When he's not working, Mark can be found loitering on the side of a hockey field.

Key Points

  • Compromised WordPress plugins
  • Make sure these are removed from any WordPress site
  • Keep your websites up-to-date
403
Hits

Both Sophos (https://nakedsecurity.sophos.com/2020/04/29/flaw-in-defunct-wordpress-plugin-exploited-to-create-backdoor/) and Tech Radar (https://www.techradar.com/nz/news/thousands-of-wordpress-sites-redirecting-users-to-dangerous-domains) have highlighted the significant vulnerability exposed by the OneTone plugin. It is estimated that over 900,000 WordPress sites have been targeted in this attack which is designed to insert "backdoors" into vulnerable websites and redirect users to malicious websites.

Sadly, as development of the OneTone plugin seems to have halted, there is very little likelihood that the vulnerability will be plugged. The following quote from Tech Radar is the best advise we can give: -

If your site uses any of these plugins or themes, it is highly recommended that you update them immediately and remove any that are no longer in the official WordPress repository.

If you are unsure how to go about updating your WordPress site, or simply need reassurance that your site is as secure as possible, please give us a call.

Hi! My name is Mark Matheson and I look forward to helping you unlock the full potential of your business.

Why not subscribe to our newsletter.