Introduction

We update and patch WordPress websites continuously: not only do we use the auto-update function built into WordPress, we also use centralized monitoring and updates.

Critical zero-day vulnerability fixed in WordPress File Manager

On the first of September we read an article on the nintechnet website titled: Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations).

The popular WordPress File Manager plugin (700,000+ installations) fixed a critical zero-day vulnerability affecting version 6.8 and below.
The vulnerability allows an unauthenticated user to run the file manager commands by directly accessing an unprotected file from its elFinder package:
Here’s a sample log we found today on one of the several hacked websites we had to deal with:

185.222.57.0 - - [31/Aug/2020:17:25:23 +0200] "POST //wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 1085 www.xxxxxxxxx.com "-" "python-requests/2.24.0" "-"
185.222.57.0 - - [31/Aug/2020:17:25:27 +0200] "POST //wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 13665 www.xxxxxxxxx.com "-" "python-requests/2.24.0" "-"

The hacker uploaded a hardfork.php script and used it to inject code into the WordPress /wp-admin/admin-ajax.php and /wp-includes/user.php scripts.

You can read the article here: Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations).

Nintechnet is the company behind Ninja Firewall.

We updated WordPress on the first of September 2020

When we read the word “zero-day” regarding WordPress or its plugins we are extra alert. We forced an automatic centralized update: the moment the updates became available from WordPress we updated to WordPress version 5.5.1. A few days before that we had updated to version 5.5; this was an automated process.

We use the Plesk WordPress Toolkit; for websites not running on our servers we install a plugin for centralized management.

Hackers attempted to breach WordPress on 1.7 million sites

On September 7 we read an article in the news that hackers attempted to breach WordPress on 1.7 million sites.

Hackers attacked 1.7 million sites running WordPress blogging software this week, cybersecurity firm Defiant reports. The company registered a million attempts to access WordPress sites on Friday alone.

Defiant is the company behind Wordfence.

Wordfence & Ninja Firewall

Wordfence and Ninja Firewall are web application firewalls (WAFs). They are plugins you can install to protect your WordPress website.

If you were using one of those firewalls you were protected from the start: according to the makers of both WAFs, they detected the threat quickly and made firewall rules available.

Remark: If you used our Cloudflare firewall rules you were protected even before the vulnerability was discovered. We block requests to .php files in the wp-content directory, which is where the plugin’s connector.minimal.php script that was hit in the log above lives. Read more: Cloudflare firewall rules for WordPress
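As an added illustration (not code from this post, from nintechnet or from Cloudflare), the following Python check applies the same condition as the Cloudflare rule above, any request for a .php file under wp-content, to access-log lines in the layout of the excerpt shown earlier; the sample lines, IP addresses and hostname are constructed placeholders.

```python
import re

# Constructed sample lines in the same combined-log layout as the excerpt in
# the post (client IP, timestamp, request, status, bytes, host, referer, user
# agent). IPs and hostname are documentation placeholders, not real indicators.
SAMPLE_LOG = """\
203.0.113.5 - - [31/Aug/2020:17:25:23 +0200] "POST //wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 1085 www.example.com "-" "python-requests/2.24.0" "-"
203.0.113.5 - - [31/Aug/2020:17:25:27 +0200] "POST //wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 13665 www.example.com "-" "python-requests/2.24.0" "-"
198.51.100.7 - - [31/Aug/2020:17:26:01 +0200] "GET /wp-content/uploads/2020/08/photo.jpg HTTP/1.1" 200 48211 www.example.com "-" "Mozilla/5.0" "-"
198.51.100.7 - - [31/Aug/2020:17:26:05 +0200] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 312 www.example.com "-" "Mozilla/5.0" "-"
"""

# Fields up to the response size; the trailing host/referer/agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Same condition as the Cloudflare rule from the post: any .php file under
# wp-content. Leading slashes may be doubled, as in the excerpt.
WP_CONTENT_PHP = re.compile(r'^/+wp-content/.*\.php(?:\?|$)', re.IGNORECASE)
# The File Manager connector path seen in the excerpt, flagged separately.
CONNECTOR = "wp-file-manager/lib/php/connector.minimal.php"


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if unparseable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_wp_content_php_hits(log_text):
    """Return parsed records for requests that the wp-content .php rule would block."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not WP_CONTENT_PHP.match(rec["path"]):
            continue
        rec["rule"] = "file-manager-connector" if CONNECTOR in rec["path"] else "wp-content-php"
        # A 200 on such a request means the script ran, i.e. nothing blocked it.
        rec["served"] = rec["status"] == "200"
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_wp_content_php_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} [{h["rule"]}, served={h["served"]}]')
```

Run it against a real access log to see which requests the rule would have stopped; served=True on a hit means the request reached PHP and the site deserves a closer look.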

Wordfence VS Ninja Firewall

I can be very brief here; there have been many reviews of both firewalls.

Wordfence

The good thing about Wordfence is its user interface, loved by many. The bad thing is that it uses a lot of database tables and is resource intensive, especially when live monitoring is on.

Ninja firewall

Ninja Firewall is very lightweight and fast; it does what it should do, and does it well. You can read a benchmark here: WordPress brute-force attack detection plugins comparison

The winner

They are both good plugins. The big difference is that Ninja Firewall is not resource intensive: it will not affect your page speed or server resources, nor create too many database tables. That is why we chose Ninja Firewall for our clients.

To use Ninja Firewall you should configure it properly; to help you, we have made an import file available.

The only things to do are to import and save the configuration file under “Firewall Options” and to change your email address under “Event Notifications”.

Choose file, import and save firewall configuration.

Insert your email address here in event notifications and save event notifications.

You can download the configuration file here.

You can download or obtain more information here: Ninja Firewall

Conclusion

Always update or patch your systems in time, and do not ignore zero-day vulnerabilities. Protect your WordPress website with a WAF and Cloudflare; it is free and makes your website faster.

Add free firewall rules to your Cloudflare firewall: Cloudflare firewall rules for WordPress

Recommended

A fast, lightweight WAF: Ninja Firewall. Use our configuration file for fast deployment, at your own risk. Protect your WordPress websites with a WAF and Cloudflare.

Another good option is the paid version of Sucuri (Sucuri Website Security Platform for Complete Website Security); this is not a WAF but rather a reverse proxy, like Cloudflare.