FBI Warning about WordPress Applies to Small Businesses
The FBI issued an alert April 7, 2015 regarding WordPress vulnerabilities. WordPress is a frequently used website software. Plug-ins, or add-on features, are common, allowing flexibility in design.
A number of websites that use WordPress and related plug-ins have been victims of site defacement attributed to Islamic State in the Levant (ISIL) but the FBI states that they think the hackers are not ISIL/ISIS members, but sympathizers.
The attacks are very sophisticated, but still do significant damage to the websites hit.
Why the FBI Made the Announcement
The FBI is working to inform the business community that all businesses are potentially vulnerable. There has been media coverage recently regarding the need to share more cyber-attack information in order to better fight the crimes. Mainstream media doesn’t have the ability to cover all cyber-attacks, any more than it covers all physical crimes. Recent volume of these defacement attacks is sufficient for the FBI to be concerned on behalf of all businesses.
The attacks have impacted all types of businesses. There is not a focus on specific website names or geography. According to the alert, attacks have been made on
• news organizations
• commercial entities
• religious institutions
• federal/state/local governments
• foreign governments, and
• a variety of other domestic and international Web sites
Impact to Small Businesses
Any website designed with WordPress and related plug-ins is vulnerable. Websites for many small businesses are designed using WordPress. Small businesses often do not ensure that the software is patched thoroughly and immediately once a patch is available.
Steps you can take to reduce your risk include:
• Always run the latest version of WordPress and related plug-ins.
• Only use plug-ins that have are well-known and have positive feedback from other users.
• Make sure your hosting company is installing patches as soon as they are available. Consider using a hosting company that has significant experience with WordPress sites.
Additionally, the FBI suggests checking out WordPress vulnerabilities using free available tools such as:
To read more blogs please visit the National Cybersecurity Insitute website.