Orlando WordPress Developer
This past weekend, a major vulnerability was discovered on WordPress’ Easy SMTP plugin. This plugin, which allows users to configure SMTP connections for outgoing email has been installed on at least 300,000 WordPress websites. Hackers could exploit this vulnerability by setting administrative control for themselves. Make sure to continue reading to learn the basics of this attack and how to protect yourself.
The vulnerability is only present in version 1.3.9 of the plugin. The root of the vulnerability is in the Import/Export functionality which was added to Easy WP SMTP in version 1.3.9. The new code resides in the plugin’s admin_init hook, which executes in wp-admin/scripts like admin-ajax.php and admin-post.php.
In short, the flaws in the code mentioned above do not include capabilities for special permissions, which means that unauthenticated users can access the website through it. If you would like to learn more about the specifics of the vulnerability, check WordFence’s article.
How to Keep your WordPress Website Safe
The best way to keep your website safe is to update the Easy WP SMTP plugin. On the other hand, if you think your website has been compromised already, there are a few ways to double check:
- Logged traffic from the following IPs:
- Database siteurl and home values not matching their intended values, especially including the following domains:
- Administrator accounts present for unknown users. For example:
The latest version of the plugin Easy SMTP, released 4 days ago, claims to fix the following:
- Fixed potential vulnerability in import\export settings.
If you are struggling to determine if your site has been compromised, to update your plugins, or if you would like to ensure your WordPress website is completely protected against hackers, contact us and we will take care of all of your WordPress maintenance needs.
Orlando WordPress Website Maintenance
If you would like Orlando WordPress Experts to hacker-proof your WordPress website, please reach out! We are expert WordPress developers & designers located in Orlando, Florida.