At least 25% of all pages on the web run on WordPress. If you manage a WordPress site and have not installed the 4.7.4 update yet, please take a few moments and update your WordPress to the latest version. If you don't do it, there is a risk that someone else (a cracker) will do it for you! There is an exploit for the default installation of WordPress, without any plugins, just a plain installation below version 4.7.
This attack is very sophisticated and clever. The author combined an error in PHPMailer, bypassed the WordPress filters and PHPMailer validation as well as the restrictions on HTTP headers, used an RFC element and internal Exim variables, and finally gained access to the server's shell. Unfortunately he shared a ready-to-use script on his web page. It is so easy now that any kid can attack a WordPress that has not been updated! The exploit was fixed in WP 4.7.1, but many site owners are afraid of updating.
It all started with this little snippet from the file wp-includes/pluggable.php:
    if (!isset($from_email)) {
        // Get the site domain and get rid of www.
        // SERVER_NAME is filled from the request's Host header on web servers
        // that are not configured with a fixed canonical server name, so on
        // such servers this value can be chosen by the client.
        $sitename = strtolower($_SERVER['SERVER_NAME']);
        if ('www.' == substr($sitename, 0, 4)) {
            $sitename = substr($sitename, 4);
        }
        $from_email = 'wordpress@' . $sitename;
    }

    /**
     * Filters the name to associate with the "from" email address.
     *
     * @since 2.3.0
     *
     * @param string $from_name Name associated with the "from" email address.
     */
    $from_name = apply_filters('wp_mail_from_name', $from_name);
    // The request-derived address ends up in the mail envelope sender here.
    $phpmailer->setFrom($from_email, $from_name);
After a successful exploitation, the attacker would be able to execute arbitrary code on the target server and compromise the target application. That means the attacker could gain access to all your private data (orders, clients, payments etc.) and inject malware or spam links into your site.
How to prevent the attack?
Update your WordPress to the latest version immediately!
Note: Back up your website before updating. A reckless and unprofessional upgrade may break your website!
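As an added example (not part of the original post and not WordPress core code), the following must-use plugin pins the From address to the host stored in the site's home URL, so the value that the snippet above takes from $_SERVER['SERVER_NAME'] never reaches setFrom(). It relies on the wp_mail_from filter, which core applies to $from_email just before the setFrom() call shown. The constant EXAMPLE_MAIL_FROM, the function example_fixed_mail_from() and the localhost fallback are names and choices made here. It is a hardening layer only; the update the post recommends is what actually removes the PHPMailer bug.

```php
<?php
/**
 * Plugin Name: Fixed mail From address (added example, not WordPress core code)
 *
 * Drop this file into wp-content/mu-plugins/. It makes the From address
 * independent of the HTTP request by deriving it from home_url(), which is
 * read from the options table and cannot be influenced by a client's Host
 * header.
 */

// Hypothetical constant: define it in wp-config.php to force an explicit address.
if ( ! defined( 'EXAMPLE_MAIL_FROM' ) ) {
    define( 'EXAMPLE_MAIL_FROM', '' );
}

/**
 * Return a From address that does not depend on $_SERVER['SERVER_NAME'].
 *
 * @param string $from_email Address WordPress computed (possibly from SERVER_NAME).
 * @return string Address to hand to PHPMailer::setFrom().
 */
function example_fixed_mail_from( $from_email ) {
    // An explicitly configured address always wins.
    if ( EXAMPLE_MAIL_FROM !== '' ) {
        return EXAMPLE_MAIL_FROM;
    }

    // home_url() comes from the database, not from the request.
    $host = wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ! is_string( $host ) || $host === '' ) {
        // Nothing better is available; keep whatever core computed.
        return $from_email;
    }

    $host = strtolower( $host );
    if ( substr( $host, 0, 4 ) === 'www.' ) {
        $host = substr( $host, 4 );
    }

    // Accept plain hostnames only (letters, digits, hyphens, dots). Anything
    // else, such as spaces, parentheses or shell metacharacters, is rejected
    // and a harmless literal address is used instead.
    if ( ! preg_match( '/^[a-z0-9.-]+$/', $host ) ) {
        return 'wordpress@localhost';
    }

    return 'wordpress@' . $host;
}

// Late priority so this runs after other plugins that touch the From address.
add_filter( 'wp_mail_from', 'example_fixed_mail_from', 99 );
```

Because the filter runs inside wp_mail() for every message WordPress sends, it covers password resets, comment notifications and contact-form plugins that use wp_mail() alike; mail sent by plugins that talk to PHPMailer or sendmail directly is not affected by it.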
Are You Afraid of Upgrading Your WordPress?
Let us handle it. We will make a full backup of your WordPress, perform a safe upgrade to the newest version available, and immediately fix any issues caused by the upgrade. We guarantee that your site's downtime will be minimal.
Not Sure if You've Been Hacked?
We will perform a security audit of your WordPress and search for any signs of a security breach. We will remove any malware we find.