The Anonymous Fox WordPress 5.5 Hack: Should I Be Concerned?

The latest WordPress updates on August 11th brought along many exciting changes to the format most of us rely on in our daily work lives. And with the plugins and themes all updated to make them more user-friendly, as far as ease of access was concerned for WordPress users, the future was very bright. But the news that Anonymous WordPress 5.5 Hack has potentially thrown a wrench into the works for many who rely on WordPress. What has happened and should we be overly concerned?

What Has Happened?

With the news that WordPress sites have been probed and attacked this week, according to Defiant, the company behind the Wordfence firewall, this has naturally exposed many bloggers and e-commerce companies' vulnerabilities. But what has happened?

• A massive increase in attacks occurred after hackers found a way to exploit a zero-day vulnerability in File Manager (a popular WordPress plugin installed on over 700,000 sites). Naturally, this has thrown many website providers into a panic.
• The zero-day vulnerability was an unauthenticated file upload. This allowed an attacker to upload malicious files on a site running older versions of the File Manager plugin (versions 6.8 and below).
• The hacker gained access to an unprotected file from its elFinder package.

How Did This Happen?

Currently, it's unclear how it happened, but the facts are as follows:

• Since September 1st, hackers began probing for sites where the File Manager plugin may be installed.
• Upon hitting a successful probe, hackers would exploit the vulnerability by uploading a web shell. This took the form of an image file on the victim's server, acting as a disguise.
• Once the attackers accessed the web shell, they would take over the victim's site, and entrap it inside a botnet to undertake malicious tasks.

How Many Users Are Affected?

According to Ram Gall, threat analyst at Defiant, the attacks against this zero-day vulnerability rose dramatically over the space of a few days. At the beginning of September, the attacks started slowly but gradually intensified throughout the week. Defiant recorded one million attacks on WordPress sites on Friday, September 4th alone, and Defiant blocked attacks against over 1.7 million sites since September 1st, which is more than half the WordPress websites using the Wordfence web firewall. It is believed the accurate scale of the attacks is even larger. WordPress is installed on approximately 455 million sites; this may hint at many sites being probed and hacked over time.

What Is Being Done to Combat It?

While this may seem like devastating news to its users, the File Manager developer team created and released a patch for the zero-day vulnerability as soon as it learned about the attacks. It was released on the same day the hack started. While many site owners have installed the latest patch, many take time to catch up, which can significantly hinder their chances of protecting themselves. But due to the slowness of updating the latest patch being a common theme, the WordPress developer team installed an auto-update feature for WordPress themes and plugins as part of WordPress 5.5. Site owners can now set plugins to auto-update themselves to run the latest version of a theme or plugin.

Is There Anything I Can Do if I Was Hacked?

If you believe you were hacked or wish to add more protection to your site, you can do the following things:

• Update WordPress if you are running a version File Manager below 6.9.
• Reinstall WordPress from the "Dashboard > Updates" menu, as this will clean the infected core files and change all admin users/database passwords.
• Enable Full WAF mode on applications like NinjaFirewall WP Edition (free) and NinjaFirewall WP+ Edition (premium).
• Enable plugins to be auto-updated. Go to your plugin list on the right side, and click on "enable auto-plugins." You can auto-update plugins of your choice and prevent some from updating, which can cause issues. But above all else, ensure you auto-update the antivirus plugin.

See our The Ultimate WordPress Maintenance Tips You Should Not Ignore for a complete break down on maintaining your WordPress website.

Should I Avoid WordPress 5.5?

With all of the concerns associated with hacks in general, it will make most of us think twice about using WordPress. But WordPress is such a vital component, especially for those running an e-commerce business or a blog. But the essential practice is to keep yourself updated on the latest developments. If you do not keep an eye on the latest vulnerabilities, especially in WordPress plugins and themes, you can find numerous resources to help you out. For example, there are dedicated social media accounts.

Many people who get hacked can feel "once bitten twice shy." However, WordPress is easy to use and can help people to maintain their website with ease, and version 5.5. doesn't disappoint. The Block Editor is easy to use, the Inline Image Editing has been made more accessible, the default Lazy Loading of images into a browser makes short work, and the themes and sitemaps have turned WordPress into a comprehensive experience. For those looking for an easy user interface so they can maintain their website with ease, WordPress 5.5 delivers the goods.

Conclusion

If you are a WordPress user and you are considering jumping ship, we wouldn't advise this just yet. WordPress 5.5 is an incredibly comprehensive tool for the beginner website designer that makes running and maintaining a website even more comfortable than before. If you need additional support, we suggest a WordPress Management Plan that includes support, maintenance, and security.