
WordPress website owners and administrators should be aware of a recent surge in attacks exploiting a security vulnerability in older versions of the popular LiteSpeed Cache plugin. This plugin is a powerful performance optimisation tool used by millions of websites to speed up page loads. However, neglecting to update it can leave your site open to attack. 

Understanding the Threat 

The vulnerability (CVE-2023-40000) exists in LiteSpeed Cache versions older than 5.7.0.1. Attackers can exploit this flaw to inject malicious JavaScript code into a website. This code often performs the following actions: 

  • Creates Rogue Admin Accounts: New administrator accounts with names like ‘wpsupp-user’ or ‘wp-configuser’ are secretly created, giving attackers complete control over the website. 
  • Modifies Website Content: Attackers can change your website’s content, install malicious plugins, or redirect visitors to dangerous external sites. 
  • Distributes Malware: The compromised website could be used to spread malware or launch phishing attacks. 

How to Protect Yourself 

The most effective defence against this threat is to take these immediate steps: 

  1. Update LiteSpeed Cache: If you use LiteSpeed Cache, update it to the latest version as soon as possible. Check the plugin’s settings page within your WordPress dashboard to see which version you currently have. 
  2. Review Plugins and Themes: Consider removing any unused plugins or themes as these can also introduce security vulnerabilities. Ensure those you keep are up-to-date. 
  3. Monitor for Rogue Admins: Regularly check your WordPress user list for any suspicious administrator accounts and delete them immediately.
  4. Enforce Strong Passwords: Use complex passwords or passphrases for all WordPress user accounts.
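Steps 1 and 3 can be scripted. The following is an added example, not code from LiteSpeed or WordPress: it checks a plugin version against the fixed release and audits an exported administrator list. It assumes purely numeric dotted version strings and a CSV export with a `user_login` column (for instance from WP-CLI's `wp user list --role=administrator --format=csv`); the approved-admin list and the sample rows are constructed.

```python
import csv
import io

# Fixed release named in the advisory; versions older than this are affected.
FIXED_VERSION = "5.7.0.1"
# Rogue administrator logins named in the advisory.
KNOWN_ROGUE_LOGINS = {"wpsupp-user", "wp-configuser"}


def parse_version(text):
    """Turn '5.7.0.1' into (5, 7, 0, 1) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True if the installed version is older than the fixed release."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad with zeros so '5.7' is compared as 5.7.0.0.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_admins(csv_text, approved_logins):
    """Return (known_rogue, unapproved) administrator logins from a CSV export."""
    approved = {name.lower() for name in approved_logins}
    known_rogue, unapproved = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        if login.lower() in KNOWN_ROGUE_LOGINS:
            known_rogue.append(login)
        elif login.lower() not in approved:
            unapproved.append(login)
    return known_rogue, unapproved


# Constructed sample export of administrator accounts (not real data).
SAMPLE_ADMINS_CSV = """user_login,user_email,user_registered
alice,alice@example.com,2021-03-14 09:12:00
wpsupp-user,support@example.net,2024-04-29 02:41:17
tempdev,dev@example.org,2024-04-30 23:05:52
"""

if __name__ == "__main__":
    for version in ("5.6", "5.7", "5.7.0.1", "5.10"):
        print(version, "VULNERABLE" if is_vulnerable(version) else "ok")
    rogue, unknown = audit_admins(SAMPLE_ADMINS_CSV, approved_logins={"alice"})
    print("known rogue admins:", rogue)
    print("admins not on approved list:", unknown)
```

Comparing versions as number tuples matters here: a plain string comparison would rank 5.10 below 5.7.0.1 and report a patched site as vulnerable.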

If You Suspect a Breach 

If you find signs of compromise, such as the “wpsupp-user” account or suspicious JavaScript code, immediately perform a complete site cleanup: 

  • Delete Rogue Accounts: Remove any unauthorised administrator accounts. 
  • Reset Passwords: Change the passwords of all existing user accounts. 
  • Restore from Backup: Restore your database and website files from a backup created before the compromise. 
  • Set Up Two-Factor Authentication: Enable it for all site admins. 

Prevention is Key 

Proactive security measures help minimise the risk of your site falling victim. By updating plugins, staying vigilant, and keeping clean backups, you significantly increase your WordPress website’s security. 

This vulnerability highlights the dangers of outdated software on websites. Hackers often target known vulnerabilities within popular plugins. 
