At least 30 WordPress plugins infected with malware; more sites are considering migration
In recent years, the security of WordPress has come under scrutiny due to several high-profile vulnerabilities and attacks. In a recent attack, at least 30 WordPress plugins were infected, leaving more than 1000 sites vulnerable. These security flaws have caused many businesses and organizations to consider migrating away from WordPress and towards more scalable and secure solutions like ReactJS hosted on Google Cloud.
One of the main security issues with WordPress is, unfortunately, also a major strength: over the years, the WordPress plugin ecosystem has become vast. The free, open-source WordPress has plugins for all needs and all types of sites and content. Making sure the plugins do not contain malware is a big challenge that has been met decently over the years. While the WordPress core is reasonably secure, the same cannot be said for all the plugins built for WordPress.
WooCommerce
The malware used in the most recent attack exploits unpatched vulnerabilities in 30 different WordPress plugins, has infected hundreds if not thousands of sites, and may have been in active use for years, according to a writeup published last week. One of these plugins is the widely used ‘WooCommerce’ plugin. BuiltWith reports that in July 2022, a total of 6,322,323 websites used WooCommerce, including 46,398 of the world's top million websites. That's 0.3% of all websites or 4.64% of the top million websites, a sizeable proportion.
The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. The malware is also able to disable event logging, go into standby mode, and shut itself down. It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system.
Alternatives
Meanwhile, an alternative to the WordPress approach to content management has been gaining popularity. Headless CMS means that the Content Management System manages pictures and text, but no layout. When you go for a Headless solution, you separate who handles the content from who handles the layout. The layout experts create the layout, and the content experts write all the content. This ensures each group can focus on its own specialism.
ReactJS is a JavaScript library that, combined with the Strapi CMS, falls right into this category of Headless CMSes. By using ReactJS, businesses and organizations can create fast and reliable web applications that can handle large amounts of data and traffic.
Hosting ReactJS applications on Google Cloud can provide an additional layer of security, as Google has a proven track record of providing secure and reliable infrastructure. Google Cloud has many security measures to protect against threats, including data encryption, network firewall rules, and regular security audits.
Conclusion
In conclusion, the recent security flaws in WordPress have caused many businesses and organizations to consider migrating away from the platform and towards more scalable and secure solutions like ReactJS hosted on Google Cloud. While WordPress is a popular and widely used CMS, it is not immune to security threats and vulnerabilities. By using a more secure platform like a Cloud-based Headless CMS with Strapi and ReactJS, businesses and organizations can better protect their data and ensure the security of their web applications.
If you want to know more about how we transformed from a server-based WordPress installation to a cloud-native Headless CMS, we’re happy to tell you all about it! Get in touch with ZEN Software, and we’ll help you migrate your site to achieve Content and Commerce at any Scale.