WordPress Doctor presents the most commonly targeted WordPress plugin vulnerabilities as of November 2020, based on the attack traffic we detect every day.

No. 1 File Manager

The File Manager vulnerability is currently the one hackers probe most often. Be alert if you find access log entries like the following on your server.

/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php

If you are using File Manager, update to the latest version or remove the plugin, because hackers can upload arbitrary programs to your site through this file.

No. 2 Duplicator – WordPress Migration Plugin

Duplicator is a plugin for duplicating a WordPress installation, which is very useful when migrating WordPress to another server. However, older versions contain a vulnerability that allows wp-config.php to be downloaded from your site.
Such requests leave access log entries like the following on the server.

/wp-admin/admin-ajax.php?action=duplicator_download. .wp-config.php

If wp-config.php is downloaded, the database credentials it contains are exposed. If a database access tool such as phpMyAdmin is also reachable on your server, the WordPress database can then be accessed and its content and settings tampered with.

No. 3 Media Library Assistant

Similar to Duplicator above, older versions of Media Library Assistant also allow wp-config.php to be downloaded. The following access log entry will be recorded on the server.

/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php

Access to fake plugins already installed on hacked sites

The following requests from hackers are also occurring in large numbers. These files do not exist in a standard WordPress installation, and no plugin of that name is distributed on the official site.
We believe other hackers are probing for WordPress sites that have already been hacked and defaced, in order to take advantage of the backdoors left behind.

/wp-content/vlu77.php
/wp-content/plugins/ioptimization/IOptimize.php
/wp-content/plugins/404.php

If any of the three files above exists on your server, we recommend deleting it immediately.
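The log paths listed in this post can be turned into a simple detection check. The script below is an added example and is not code from WordPress Doctor or from its plugin. It assumes an Apache/nginx "combined" access log format and uses a few constructed log lines as sample input; the Duplicator indicator is matched on the admin-ajax `action` parameter rather than on the path alone, because admin-ajax.php is used legitimately by many plugins.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Indicator paths taken from the list above, lower-cased so that probes with
# different letter case are still reported.
PATH_INDICATORS = {
    "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php":
        "File Manager connector (arbitrary file upload)",
    "/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php":
        "Media Library Assistant downloader (wp-config.php disclosure)",
    "/wp-content/vlu77.php": "fake plugin / backdoor file",
    "/wp-content/plugins/ioptimization/ioptimize.php": "fake plugin / backdoor file",
    "/wp-content/plugins/404.php": "fake plugin / backdoor file",
}
DUPLICATOR_ENDPOINT = "/wp-admin/admin-ajax.php"
DUPLICATOR_ACTION = "duplicator_download"

# Fake-plugin files from the list above, relative to the WordPress root.
BACKDOOR_FILES = [
    "wp-content/vlu77.php",
    "wp-content/plugins/ioptimization/IOptimize.php",
    "wp-content/plugins/404.php",
]

# Combined log format: ip ident user [time] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def classify_request(target):
    """Return an indicator label for a request target, or None if nothing matches."""
    parts = urlsplit(target)
    # Decode percent-encoding and collapse repeated slashes before comparing.
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    label = PATH_INDICATORS.get(path)
    if label:
        return label
    if path == DUPLICATOR_ENDPOINT:
        actions = parse_qs(parts.query).get("action", [])
        if DUPLICATOR_ACTION in actions:
            return "Duplicator download action (wp-config.php disclosure)"
    return None


def scan_access_log(lines):
    """Return one hit record per log line whose request matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_request(m.group("target"))
        if not label:
            continue
        status = int(m.group("status"))
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "target": m.group("target"),
            "status": status,
            "indicator": label,
            # 2xx means the file exists and answered; 404 means it was only probed.
            "served": 200 <= status < 300,
        })
    return hits


def find_backdoor_files(wp_root, exists=os.path.exists):
    """Return full paths of the listed fake-plugin files present under wp_root."""
    candidates = (os.path.join(wp_root, rel) for rel in BACKDOOR_FILES)
    return [p for p in candidates if exists(p)]


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [02/Nov/2020:03:14:07 +0900] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [02/Nov/2020:03:15:22 +0900] "GET /wp-admin/admin-ajax.php?action=duplicator_download HTTP/1.1" 200 3211 "-" "curl/7.68.0"
198.51.100.7 - - [02/Nov/2020:03:16:01 +0900] "GET /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php HTTP/1.1" 404 231 "-" "python-requests/2.24"
198.51.100.7 - - [02/Nov/2020:03:16:05 +0900] "GET /wp-content/vlu77.php HTTP/1.1" 404 231 "-" "python-requests/2.24"
198.51.100.8 - - [02/Nov/2020:03:17:40 +0900] "POST /wp-content/plugins/ioptimization/IOptimize.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"
192.0.2.5 - - [02/Nov/2020:03:18:00 +0900] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 93 "https://example.com/wp-admin/" "Mozilla/5.0"
192.0.2.5 - - [02/Nov/2020:03:18:10 +0900] "GET /index.php HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        state = "SERVED" if hit["served"] else "probed"
        print(f'{hit["time"]} {hit["ip"]} {state:6} {hit["indicator"]}: {hit["target"]}')
    for path in find_backdoor_files("/var/www/html"):
        print("backdoor file present:", path)
```

A hit with a 2xx status on one of the fake-plugin paths means the file exists and responded, which is the case to treat as an active compromise; a 404 on the same path shows the site was probed but the file is absent. The `exists` parameter of `find_backdoor_files` only makes the filesystem check testable without a real WordPress tree.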

How do I detect unauthorized access by hackers?

You can use the free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal] to check the plugins above for vulnerabilities, detect tampered files, and log access attempts by unauthorized hackers.

Many of its functions are available free of charge, so please download the plugin and try it.