ATTENTION WordPress Website Owners – Website Vulnerability

by InMotion Hosting

2 Minutes, 13 Seconds to Read

WordPress Website

We were recently informed of a pretty large attack on WordPress websites that use the Abandoned Cart Lite for WooCommerce plugin. With over 20,000+ installs, this vulnerability isn’t a minor issue. Let’s take a look at what hackers are doing and how you can prevent it from happening to your website.

Taking over a website and infecting isn’t too hard for hackers when version 5.1.3 or later is installed. The hackers pretend to be customers and add items to the cart, but when the time comes for checkout info, they enter fake information and injected code via a link to the billing “last name” field. They then will abandon the cart, causing the Abandoned Cart Lite plugin to log the information. The code that they injected with that link will then run once you or anyone with administrator privileges logs in and views the “abandoned carts” in the backend of the website.

What This Means for You

So what happens after someone views the abandoned carts? You probably won’t notice anything right away, but let’s look at what happens in the background.

The injected code opens up two “secret” doors into your website. The first door allows the hacker to create an administrator user named ‘woousers’. As this is an admin user, they will have full access to your website.

The second door is a bit more complex, and is ultimately a “backup” plan in case something doesn’t work with the first door. Basically, the injected code will look for any plugin that is installed on your website that is not active (disabled) and will then replace the files of that plugin with malicious code, giving them full control.

How to Prevent Attacks on Your WordPress Website

So, how do you prevent this from happening? First off, you need to run updates on your WordPress website. Since this plugin vulnerability has been discovered, Tyche Softwares, the creators of Abandoned Cart Lite for WooCommerce have issued an update to fix this issue.

While the update goes above and beyond and will automatically remove the ‘woousers’ if it finds it listed, there is still a possibility of infection depending on the number of ‘doors’ that were created.

Keep Your Website Prepared

Unfortunately, there isn’t any way of knowing how many websites have been infected, so the best way to prevent against this from happening is to run updates and keep an eye on your website over the next few weeks. If you have backups of your website, we recommend having it ready in case something goes wrong.

The main key to protecting your website from vulnerabilities, is to take backups and run updates.

Related Articles
Why Website Security is Important for Your Business
Is the WordPress XML-RPC file safe, or should I block it?
ATTENTION WordPress Website Owners – Website Vulnerability
5 Reasons Why You Need to Backup Your Website
How to Surf Safely and Block Cookies
Cyber Security Awareness: Are You and Your Website Protected?
6 Ways to Secure Your Web Activity From Your Computer
Concerned of Being Hacked? – 10 Steps to Better Website Security
National Computer Security Day – How Volunteers Fixed The Worst Vulnerability On The Web
Keeping Your eCommerce Website Secure for the Holidays

Was this article helpful? Join the conversation!

Get New Content & Special Offers
Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.