Step right up, read all about it, WordPress website warning! Step right up! The Michigan State Police are alerting businesses in Michigan about security best practices for minimizing vulnerabilities. The Michigan State Police is reporting they have seen an increase in malicious activity on public websites, including those made using WordPress.
Plugins, plugins, plugins
We’ve written a few times on WordPress plugin vulnerabilities and the importance of updating your website plugins regularly. In one instance, over 1 million WordPress websites were at risk as a vulnerability was identified in the WPML, (WordPress Multilingual) plugin. Another 1 million plus WordPress websites were also found vulnerable to numerous plugin problems. Those three plugins impacted were WP Statistics (version 14.5 and earlier), WP Meta SEO (version 4.5.12 and earlier), and LiteSpeed Cache (5.7.0.1 and earlier).
Why plugins
Plugins are a simple and easy way to add functionality to a business website. The list of plugins is almost endless. Plugins can be anything from multilingual translation, SEO reporting, online purchasing, and even cybersecurity. However, plugins require consistent updates that are often forgotten. If the WordPress login page is the front door, think of plugins as the backdoor, the garage door, or maybe the window into the house or rather the website. Cybercriminals see plugins as a sneaky way to gain access to websites, which then grants access to all kinds of business critical data.
Other concerns
The Michigan State Police is specifically alerting on “Fake Updates” and the dangers of not verifying updates prior to selecting to update. They are also alerting about the use of AI in attacks, whether as brute force password attacks, zero-day exploitation, or in writing phishing emails. Unfortunately, there are countless uses of AI when it comes to cyberattacks.
Next steps
According to the Michigan State police websites should be updated regularly. Websites need to have strong complex passwords and when possible implement multifactor authentication. Businesses should also regularly backup their websites so if an attack does take the site down or alter it, the business can get it back to how it should be sooner. They also encourage regular security audits by security professionals. Following these steps will help reduce risk when the next WordPress website warning occurs!
Subscribe to our monthly email newsletter to keep your small business up-to-date on all the latest cybersecurity news! For more information on protecting your small business from cyberattacks and other cybersecurity topics check out Small Business, Big Threat!