Attackers Use Abandoned Plugin To Backdoor Websites

In recent news, attackers have been using an abandoned WordPress plugin to backdoor websites. This malicious activity was first reported by security researchers at Wordfence who discovered that the attackers were exploiting a vulnerability in the WP-LiveChat plugin. The vulnerable version of this plugin had not been updated since 2015 and is no longer supported by its developers.

The attack works by exploiting a known vulnerability in the outdated version of WP-LiveChat which allows attackers to upload arbitrary files on affected sites. Once uploaded, these malicious files can be used to gain access to sensitive information or even take control of the entire website. To make matters worse, it appears that some versions of this plugin are still being actively distributed through third-party sources such as ThemeForest and CodeCanyon despite being unsupported for years now.

Fortunately, there are steps you can take to protect yourself from this type of attack if your site is running an outdated version of WP-LiveChat or any other vulnerable plugins:
• Make sure all plugins and themes installed on your site are up-to-date with their latest versions;
• Regularly scan your website for vulnerabilities;
• Ensure that only trusted users have access to administrative accounts;
• Monitor incoming traffic for suspicious activities;

By following these simple steps you can help ensure that your website remains secure against potential attacks like this one. It’s also important to note that while most WordPress plugins are safe and reliable, it’s always best practice to keep them up-to date so as not fall victim to any potential exploits like those seen here with WP Live Chat Plugin.

Attackers use abandoned WordPress plugin to backdoor websites | Attackers Use Abandoned Plugin To Backdoor Websites | Security | BleepingComputer