Sunday, 28 April 2024

What Is a Supply Chain Attack: The Attack That Keeps Every WordPress Site Vulnerable

Many attacks happen on the internet, and each one belongs to some attack family. One of my friends works at PayPal, and he said PayPal alone gets 3000 attacks per second; imagine how many attacks are carried out worldwide. In this article I am going to explain what a supply chain attack is and how it works.

Recently there have been many attacks on WordPress websites, and most of them are supply chain attacks.

What Is a Supply Chain Attack?

A supply chain attack exploits the trust between software vendors and their customers. When you buy software or a plugin for a WordPress website, you allow the vendor to run their code on your machine or website. That means you trust them, and they can inject malware into your website through the updates they release.

How can they attack?

  • The author of the plugin or the software developer can inject malware into updates.
  • Someone can purchase the plugin or software and then inject malware.

Some examples

 

Why WordPress?

  • Almost 30% (29.2%, to be precise) of the websites in the world run on WordPress.
  • There are 53,566 plugins available to download.
  • It is the developer’s responsibility to make sure the plugins they publish comply with all the guidelines.
  • Most people don’t monitor their WordPress sites and pretty much don’t care about security.
  • Most plugins have not been updated in years, so anyone can purchase them, and at a low price too. It’s easy to acquire an abandoned plugin.
  • As most plugins are free, authors can’t resist the offers they get to sell them.

How to protect your WordPress site?

  • Many plugins will get your work done, but choose the one that is more trustworthy.
  • Scan for malware; there are both free and premium tools for that.
  • You can block blacklisted IP addresses using the security plugins available, and you can block Tor traffic too. This might add a layer of security.
  • Don’t install plugins that haven’t been updated for two years or more.
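One way to apply the two-year rule and to notice a plugin that has changed hands, as an added example that is not from the original article: the inventory, the baseline of vetted authors and all field names are constructed assumptions, and the reference date is fixed so the output is reproducible.

```python
from datetime import date, datetime, timedelta

STALE_AFTER = timedelta(days=2 * 365)  # the article's "two years or more" rule

# Constructed sample inventory. Field names are assumptions for this example;
# fill them from wherever you track the plugins installed on your site.
INVENTORY = [
    {"slug": "example-forms", "last_updated": "2024-03-02", "author": "alice"},
    {"slug": "example-slider", "last_updated": "2021-01-15", "author": "bob"},
    {"slug": "example-captcha", "last_updated": "2024-04-01", "author": "newco"},
]

# Constructed baseline: the author recorded when each plugin was first vetted.
BASELINE = {"example-forms": "alice", "example-slider": "bob",
            "example-captcha": "carol"}


def audit_plugins(inventory, baseline, today):
    """Return {slug: [issues]} for every plugin that needs a manual review."""
    findings = {}
    for plugin in inventory:
        slug, issues = plugin["slug"], []
        try:
            updated = datetime.strptime(plugin["last_updated"], "%Y-%m-%d").date()
        except (KeyError, TypeError, ValueError):
            issues.append("unknown-update-date")  # missing data is a finding too
        else:
            if today - updated >= STALE_AFTER:
                issues.append("stale")
        if slug not in baseline:
            issues.append("not-in-baseline")  # installed without being vetted
        elif plugin.get("author") != baseline[slug]:
            issues.append("author-changed")  # possible sale or takeover
        if issues:
            findings[slug] = issues
    return findings


if __name__ == "__main__":
    report = audit_plugins(INVENTORY, BASELINE, date(2024, 4, 28))
    for slug, issues in report.items():
        print(f"{slug}: {', '.join(issues)}")
```

A recently updated plugin with a changed author is the case the update date alone would miss, which is why the baseline comparison runs independently of the staleness check.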

As the WordPress user base is very large, there is a chance of more attacks. Stay secure and don’t leave a stone unturned. Check all your gates and ports, and lock them.

About Manindra Simhadri

Information Security Analyst, Traveler, Biker and a freelancer.