There is a famous quote by Sir Isaac Newton: “What we know is a drop and what we don’t know is ocean”. The very same thing holds when we talk about Internet security or website safety. It’s small yet so vast that it is impossible to protect it. Bruce Schneier, a renowned cryptographer, once said, “I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, Nothing–you’re screwed.”
It is something over the top and highly complicated, but in the end it’s all about the right protection of your data and systems. One may be screwed if nothing is done to protect oneself, and the Internet has always been a war between good guys and bad guys, whom we also call ethical hackers and criminal hackers. They do pretty much the same work and possess similar knowledge. All that differs is their motive, their approach towards something. Recently there was news of WordPress sites under attack through a new zero-day in the WP Mobile Detector plugin. WP Mobile Detector is an effective tool that simply detects mobile users visiting a site and allows webmasters to load a specific mobile-friendly theme.
The attackers used this plugin to upload backdoor scripts to WordPress sites, which then displayed adult-themed SEO spam. Affected websites would suffer a severe loss of value in the market. A vulnerability of this kind, coming almost 20 years after PHP coding started, is a very serious concern. A flaw of this extent, where an attacker can easily upload any file to the WP site, calls for a return to the basic lessons of file upload security.
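Those basic lessons, as an added example that is not the plugin's code or its fix: decide the file type from the bytes rather than the client's name, accept only an allowlist, and store the file under a server-chosen name. The function name, the size limit and both sample inputs are assumptions made for illustration, and the PHP fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Allowlist: content-detected MIME type => extension assigned by the server.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed limit for this example

/**
 * Validate a candidate upload (hypothetical helper) and return the
 * server-chosen name to store it under. Throws when it must be rejected.
 */
function safe_image_name(string $path): string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('rejected: empty or too large');
    }
    // Take the type from the file's bytes, never from the client's
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException('rejected: type not on the allowlist');
    }
    // The bytes must also parse as an image header.
    if (@getimagesize($path) === false) {
        throw new RuntimeException('rejected: not a parsable image');
    }
    // Discard the client-supplied name: a random name with our own extension
    // cannot end in .php and cannot carry path components.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed samples: a 1x1 PNG, and a script posing as an image.
$samples = [
    'photo.png'     => base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='),
    'image.php.png' => '<?php /* constructed placeholder, not a real payload */',
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    try {
        echo $clientName, ' -> ', safe_image_name($tmp), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $clientName, ' -> ', $e->getMessage(), PHP_EOL;
    }
    unlink($tmp);
}
```

Validation of this kind is one layer; the directory that receives uploads should also be configured so the web server never executes scripts from it.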
It is scary for the many who have their websites based on WordPress. But it should be noted that a much more dreadful attack was averted by the many developers who reported this loophole to the developer and later to the WordPress Plugin Directory. The action was swift: WordPress has not only removed the plugin from the directory but also released version 3.6 of it, which had this vulnerability fixed. By the time the plugin was removed, it had more than 10 thousand installs, but after the update it has only a bit more than 1000. Code similar to the zero-day was also found in another plugin called ImageMagick, which is used to directly or indirectly resize the images uploaded by end users. There is no panic, as security firms like Sucuri have confirmed there is a connection between the two vulnerabilities. Yet one thing is for sure: however hard one may try, attacks are sure to come, so one has to be ready and prepared for any type of vulnerability.