Millions of websites around the globe make use of WordPress as their content backbone, and while it has had its fair share of security hiccups, a new warning about vulnerabilities in WordPress now comes from the US Federal Bureau of Investigation (FBI).
In a public announcement, the FBI warned that “individuals sympathetic to the Islamic State in the Levant (ISIL)” are making use of more exploits to deface and hack websites.
“The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites,” it said in the post.
Giving specific mention to WordPress, it noted that researchers are still identifying vulnerabilities in WordPress’ Content Management System (CMS) plug-ins, “which could allow malicious actors to take control of an affected system.”
The FBI warning proved to be almost self-fulfilling, as French TV network TV5Monde was hit with a massive cyber attack on Wednesday evening by individuals claiming to be supporters of ISIL.
“Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it. The CyberCaliphate continues its cyberjihad against the enemies of Islamic State,” read one message on the network’s Facebook page. Its official website was also hit, with images of the hackers and threats in French, Arabic and English.
According to The Guardian, the hack on TV5Monde caused a three-hour broadcast blackout, after which it resumed with limited air time.
“We are no longer able to broadcast any of our channels. Our websites and social media sites are no longer under our control and are all displaying claims of responsibility by Islamic State,” TV5Monde network director general Yves Bigot said in a statement.
At the time of writing, the official website was still “en maintenance.”
The FBI, however, has made it clear that those hacking websites are not necessarily members of ISIL, but rather sympathisers who are aware that using the terrorist organisation’s name will help them garner notoriety.
“The FBI assesses that the perpetrators are not members of the ISIL terrorist organization. These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered.”
The FBI also recommended a few tools and tips that WordPress users can make use of to avoid falling victim to potential cyber attacks. Among them are patching vulnerable plugins, confirming that the operating system and all applications are running the most updated versions, and removing administrative privileges to diminish the effects of a successful attack.
[Image – CC by 2.0/Alexandre Dulaunoy]