WordPress Doctor is pleased to inform you of the commonly targeted plugin vulnerabilities in WordPress as of November 2020 that we detect on a daily basis.

No. 1 File Manager

Hackers are currently accessing the File Manager vulnerability in the highest number. Be careful if you find access logs like the following on your server.

/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php

If you are using File Manager, update to the latest version or remove the plugin, as hackers can upload arbitrary programs to your site via this file.

No.2 Duplicator – WordPress Migration Plugin

Duplicator is a plugin to duplicate WordPress, which is very useful when migrating WordPress to another server. However, there is a vulnerability that allows to download wp-config.php of your site in past versions.
The following access logs will be recorded on the server.

/wp-admin/admin-ajax.php?action=duplicator_download. .wp-config.php

If wp-config.php is downloaded, if your server is used in conjunction with a script for database access such as PHPMYADMIN, the WordPress database may be accessed and information and settings may be tampered with.

No.3 Media Library Assistant

Similar to Duplicator above, Media Library Assistant is also vulnerable to downloading wp-config.php in older versions. The following access log will be recorded on the server.

/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php

Access to other fake plugins already installed on the hacked site

The following hacker accesses are occurring in large numbers. This file does not originally exist in WordPress, and the corresponding plugin is not distributed on the official site.
We believe that another hacker is trying to access an already hacked and defaced WordPress site to take advantage of these backdoors.

/wp-content/vlu77.php
/wp-content/plugins/ioptimization/IOptimize.php
/wp-content/plugins/404.php

If you have any of the above three files on your server, we recommend that you delete them immediately.

How do I detect unauthorized access by hackers?

You can use the free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal] to scan the above plugins for vulnerabilities, detect tampered files, and log access by unauthorized hackers.

Please download and use this plugin as many functions are available free of charge.

Related Posts:

  1. More attacks against vulnerabilities in the plugin Duplicator
    Duplicator, a plugin deployed on millions of sites that allows users to migrate, copy, move, clone, and create backups of WordPress sites, is vulnerable in versions 1.3.26 and below....
  2. Log and visualize WordPress hacker attacks
    Here are some of the most common attack patterns recorded as hacking logs that we detect on a daily basis....
  3. What are program vulnerabilities in WordPress?
    WordPress and plugins require updates to close vulnerabilities, but we will explain the most dangerous types of vulnerabilities....
  4. Reasons for repeated hacker defacement and malware infection on WordPress sites
    Once a WordPress site has been defaced by hackers, embedded malware, or infected with a virus, the site may be repeatedly defaced even after you think you have removed the malware. We will explain how to deal with such cases....
  5. Is it dangerous to install PHPMYADMIN in the same folder as WordPress?
    phpMyAdmin is a widely used database management system that allows you to view your database and make all possible edits and modifications in your browser, but it can cause security problems if it is installed in the folder where WordPress is installed. We will explain the reasons for this....
  6. Five free WordPress security measures
    Here are five free WordPress security measures you can take....