More than 300,000 WordPress sites targeted in cyber attacks since, July 14, 2023. Wordfence, a leader in securing WordPress, reports that on Saturday July 15, there were over 1.3 million attacks on over 157,000 accounts alone. This attack is utilizing a vulnerability in the popular plugin WooCommerce Payments, which integrates payment options into your WordPress website. The National Vulnerability Database from NIST (National Institute of Standards and Technology) has rated it a 9.8 out of 10, giving it a critical rating.

Should you worry

The answer like with most things cybersecurity is, maybe. Back in March WooCommerce patched this vulnerability and WordPress auto-updated websites hosted on WordPress that used the impacted WooCommerce plugin. So if your site is hosted on and is versions 4.8.0 through 5.6.1, you should be okay.

If your website is not hosted on and your WooCommerce version 4.8.0 or higher, you will need to manually update your plugin yourself to apply the fix.

Plugins becomes open doors

We love websites like WordPress because of the ease of use and the integration with low cost and no cost solutions. These solutions or plugins, allow us to create easy to use, easy to build, and easy to maintain websites. You need a plugin for signatures, for payments, for playing videos, you can find one. While this is a great benefit and feature to us all, it also creates a risk. Every third party solution we integrate into our website becomes one more open door for a cyber criminal to use to get into our system.

What you can do

The first step is to identify what kind of website you use and identify all of your plug-ins. If you are using WordPress and this particular plug-in you will need to update to their latest release. Knowing your site and the integrations used is important, just like knowing your business data. This allows you to have a better grasp of where your risks might be.

The next step is identifying if your site plug-ins require any updates. Just like software on your computer or apps on your phone, plug-ins need regular updates. Some plug-ins will update in the background out of your control while others can have automatic updates enabled. In many cases though, you will need to update them manually. So it is important to make an update schedule. This allows you to follow a set schedule to check for updates and make updates as they become available.

Websites are one of the most used tools to communicate with customers and potential customers. Cybercriminals see websites as a doorway to data, financial accounts, and direct access to your business networks. Let’s update our plug-ins, update our websites, and keep our small businesses secure!

For more information on WordPress sites targeted and other small business cybersecurity resources, check out Small Business, Big Threat!