WordPress Doctor reports on the WordPress plugin vulnerabilities most commonly targeted as of November 2020, based on the attacks we detect on a daily basis.
No. 1 File Manager
The File Manager vulnerability is currently the one hackers target most often. Be careful if you find access log entries like the following on your server.
/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php
If you are using File Manager, update to the latest version or remove the plugin, as hackers can upload arbitrary programs to your site via this file.
No. 2 Duplicator – WordPress Migration Plugin
Duplicator is a plugin for duplicating a WordPress site, which is very useful when migrating WordPress to another server. However, older versions contain a vulnerability that allows wp-config.php to be downloaded from your site.
The following access logs will be recorded on the server.
/wp-admin/admin-ajax.php?action=duplicator_download. .wp-config.php
If wp-config.php is downloaded and your server also exposes a database access script such as phpMyAdmin, the WordPress database may be accessed with the credentials stored in that file, and its data and settings may be tampered with.
No. 3 Media Library Assistant
Similar to Duplicator above, older versions of Media Library Assistant also allow wp-config.php to be downloaded. The following access log entry will be recorded on the server.
/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php
Access to fake plugins (backdoors) already installed on hacked sites
The following accesses by hackers are occurring in large numbers. These files do not exist in a standard WordPress installation, and no corresponding plugin is distributed on the official plugin site.
We believe other hackers are trying to reach WordPress sites that have already been hacked and defaced, in order to take advantage of these backdoors.
/wp-content/vlu77.php
/wp-content/plugins/ioptimization/IOptimize.php
/wp-content/plugins/404.php
If you have any of the above three files on your server, we recommend that you delete them immediately.
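As an added example (not part of the WordPress Doctor post or its plugin), the following Python script scans Apache/Nginx combined-format access log lines for the request paths listed above and separates requests that were actually served from mere probes; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators quoted in the post above: (path, required query parameter or None, label).
INDICATORS = [
    ("/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php", None, "File Manager"),
    ("/wp-admin/admin-ajax.php", ("action", "duplicator_download"), "Duplicator"),
    ("/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php", None, "Media Library Assistant"),
    ("/wp-content/vlu77.php", None, "backdoor file"),
    ("/wp-content/plugins/ioptimization/IOptimize.php", None, "backdoor file"),
    ("/wp-content/plugins/404.php", None, "backdoor file"),
]

# Apache/Nginx combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify(target):
    """Return the indicator label for a request target, or None. Paths compare case-insensitively."""
    parts = urlsplit(target)
    path, query = parts.path.lower(), parse_qs(parts.query)
    for ind_path, ind_query, label in INDICATORS:
        if path != ind_path.lower():
            continue
        if ind_query is None or ind_query[1] in query.get(ind_query[0], []):
            return label
    return None

def scan_log(lines):
    """Return one hit dict per log line whose request matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        label = classify(m["target"]) if m else None
        if label is None:
            continue
        status = int(m["status"])
        # A 2xx on a backdoor path means the file exists and was served; a 404
        # is only a probe, but still shows the site is on someone's target list.
        hits.append({"ip": m["ip"], "time": m["ts"], "target": m["target"],
                     "status": status, "label": label, "served": 200 <= status < 300})
    return hits

# Constructed sample lines (not real traffic); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Nov/2020:03:14:07 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Nov/2020:03:14:09 +0000] "GET /wp-content/plugins/404.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [12/Nov/2020:04:02:51 +0000] "GET /wp-admin/admin-ajax.php?action=duplicator_download HTTP/1.1" 200 3104 "-" "curl/7.68.0"',
    '203.0.113.44 - - [12/Nov/2020:04:03:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
]
```

Feed scan_log() the lines of your real access log (for example from /var/log/apache2/access.log) and review any hit whose served flag is true first, since that means the vulnerable endpoint or backdoor file is present and answering.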
How do I detect unauthorized access by hackers?
You can use the free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal] to scan the plugins above for vulnerabilities, detect tampered files, and log access by unauthorized hackers.
Please download and use this plugin; many of its functions are available free of charge.