In November last year, Forbes was attacked in a “watering hole” style attack intended to install malicious software on the computers of Forbes’ visitors. The malware was designed to give the hackers control over the computers so that they could access sensitive software. The attackers used several zero day vulnerabilities against Microsoft IE9+ and Adobe Flash. (Microsoft and Adobe have released patches; it is recommended that you update immediately if you haven’t done so yet.)
Zero day vulnerabilities are vulnerabilities in software on the day of its release. Usually, when they are discovered, the companies patch the vulnerabilities quickly, as shown by Microsoft’s and Adobe’s quick responses.
Who attacked Forbes? We can see two very different opinions from Forbes and Invincea. On one side, if you were running the latest software you are safe, and no one is sure who the attackers are. On the other side, a Chinese espionage group launched an attack against the US Defence and Financial Services.
What does this have to do with WordPress Security?
Flash and Internet Explorer are popular, which makes them attractive targets to attack. WordPress is the most widely used CMS on the internet, so it is obviously also an attractive target. Plugins and themes also have zero day vulnerabilities, as shown by the recent (and widespread) RevSlider attack. As a site owner, you have the responsibility to keep the visitors on your site safe. Also, if your site gets hacked and blacklisted, you are going to experience a drop in traffic; after all, search engines don’t want to send people to sites that could harm them.
You can read more here about how to secure and protect your website. At WP Assist we also offer hack fixes for sites that have already been hacked, as well as a membership where we look after the security of your site for you.
We would love to hear what you think about this situation in the comments.